Yeah, yeah, yet another coldcall scam post, but featuring a ploy I haven’t come across before, intended to convince you that the scammer really knows something about your system, so that you’re likelier to fall for the scam.

Rebecca Herold reports for InfosecIsland that she was contacted by one of those helpful “support desk” people who call you up to help you with problems you didn’t know you had such as malware you don’t have. (Hat tip to @FSecure for the pointer to the article.) She reports that the caller was from a company calling itself EProtectionz and using what looks like a New Jersey number. However, I notice that company’s web site also has phone numbers for Australia and the UK, so it looks as if the usual English-speaking populations are being targeted, using ammyy.com and logmein.com to get remote access to your system – there’s actually an ammyy.com link on their web site, which is registered in Illinois, though Herold’s caller had the Indian accent we’ve come to expect from this kind of scam.

The really interesting feature, though, is the way that the scam seems to have moved on from giving you your address (which they get from a telephone directory)and a fake IP number to convince you that they can really see your system. According to Herold (and a quick google indicates that others are experiencing much the same thing) the scammer now asks you to check a CLSID.

A CLSID is a Class Identifier stored in the Windows Registry — at HKEY_CLASSES_ROOTCLSID, but I don’t recommend that you go digging into the Registry unless you really know what you’re doing. Fortunately (from the point of view of interfering with Registry entries), the scammer doesn’t need you to edit the registry to find the CLSID he’s looking for. He simply has to persuade you to run the ASSOC command. It’s easy to do: you click on the Start button, Run, type in CMD to get to the command prompt (DOS prompt) and type ASSOC. That runs through a long list of file associations, telling you (for instance) that “.xltx=Excel.Template”.

Since it’s a long file it scrolls straight to the bottom, but if you’re really interested in seeing exactly what it contains, you can get it to go through page by page by typing in “assoc | more”: however, the scammer wants you to go straight to the bottom so that you’ll see this entry:

ZFSendToTarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}

That’s the CLSID on both the PCs open on my desk at the moment. Amazingly, it’s also the one that the scammer quoted to Herold. And I bet that if you have a recent version of Windows and go through the same steps you’ll find that you have it too. In other words, the scammer can’t see your CLSID or anything else on your PC, including your Event Viewer logs. Unless, of course, you fall for the scam and give him remote access with AMMYY or LetMeIn.

The good news, though, is that if they’re using a local number and other local presence, you may have some legal recourse if they insist on phoning you even though you’re signed up to a Do Not Call registration service. I don’t know anyone who’s gone that route yet, though, so no promises. All the scam calls I’ve had (and there’ve been many!) have been international.

I've received four such calls in recent months. Never made it to the CLSID stage but I'll try to get there next time and give them a completely different number. See how they'll react. :-)

David Harley

I was getting several a week at one point, but they seem to have given up on me. :-D

TConx

I just got this call. Said he was with my ISP, but didn't mention the name of the ISP. SCAM ALERT ACTIVATED!
Asked for me to hit Win+R for the Run Prompt, but otherwise the same routine. Of course, as I'm telling him "yeah… ok… I see it…", I'm hitting up Google. 'Command prompt assoc scam' delivers me here, and confirms my suspicions. I'm A+ certified, but even I was unaware of this little registry entry. Still, I can see how less the less tech-lit might get caught…

Amy

I just got one of those calls…Actually I have had many many of those scammer calls here in Canada but this is the first time the person quoted the CLSID and amazingly the CLSID was exactly the same as the one you have posted here. Many people are actually getting scammed by these thieves. They ended up hanging up on me when I gave them the run around but surely there must be a way to stop these scams.

Michael

Still in Canada, this time in Vancouver, this scam has just improved. The caller is now pretending that “your Microsoft’s Computer Licence Security ID has been identified has obsolete and need to be renewed”.
Naturally such Computer Licence Security ID doesn't exist, and the caller is still going to trick you with that same CLSID acronym, using that same Class ID number that you can also obtain using “cmd” and “assoc .zfsendtotarget”, (which prompts the unique Class ID that identifies the software component associated with the .zfsendtotarget file extension name).
But whatever you could know, it’s always better to be used to check on Google, to verify in real time if what being told you, is clear from tricks.

Linda

Vancouver here. Just received a phone call…they are pretending to be with All Windows Operating Systems…if the sales person cannot get you, they transfer you to a technician..they say that if I do not type CMD in run my computer will crash. I advise I do not believe they are who they are and to send me an email. They hang up.

Pete

Adelide Australia. Just received same phone call and got passed up through two "supervisors" when I started asking questions. Got all the way to CSLID and realised they were talking rubbish and said I would call them back once I had verified they were who they said they are. Just a quick search on the internet found this site – thanks

Phil

Sydney Australia Same thing just happened to me. Indian sounding lady asked to do CMD the assoc to check CLSID 888DCA60-FC0A-11CF-8F0F-00C04FD7D062 .
I googled it while I was on the phone and then asked her to E-Mail me their details and I would deal with it then.. Thanks

Jim

Hi, I'm based in the UK but have just had exactly the same experience as Phil. The woman on the other end was very persistent and I went along with her and typed in the CMD assoc. She then wanted me to identify the file CLSID 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. She then wanted me to let her sort the 'problem' out but I was already suspicious and kept asking her different questions. She eventually hung up.
I looked on google and found your site. Clearly these people are scammers and people need to be on their guard.

gairh

Just got hit in the Vancouver area from scammers pushing "assistmypconline.com" and "showmypc.com". Took the bait and let them in and am now changing passwords and running a/v scans. Don't be a dumbass like me.

William Holmes

Got a call this evening from an Indian sounding gentleman using the telephone number 09999100250 and claiming to be from "Microsoft Windows Support". He said that my computer had been accumulating viruses and that hard drive on my machine would totally fail soon. I told him I thought he was a liar and hung up. He immediately rang me back from a "Number withheld" line and insisted he wasn't a liar. He said he would prove he was from Microsoft, correctly quoted my name, address, phone number and got me to go through a routine that would reveal the CLSID – he said this was my computer's "unique identification number". He quoted the number 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. Being unfamiliar with CLSIDs I was a bit shaken to find that my computer indeed had this number. I asked him to ring me back, then did a Google search. I discovered that the number quoted is NOT my computer's unique ID – this number appears in MILLIONS of computers running Windows! These scummy people want your credit card details so that they can get your money. Don't give it to them!

Tom Fanning

I am from Melbourne, Australia. Got a call from "Windows Explorer Support" "we're the people you call when your computer has a problem with windows" "we've been getting information about your computer that there are security issues". I called him a scammer and that if he got access to my computer he would load a virus or phishing software. Of course he denied it and persisted. Choice Aussie vernacular was used and the conversation ended shortly thereafter.

John Clifford

Just had the same phone call and went right throughto see the CLSID. Didn't tell the caller I was looking at two computers at the time. Got cut off after giving the runaround. There must be a way of stopping these people. For the many older generation of computer users who have been convinced to get a computer but are not aware of these people it is a severe risk. Surely there is a way of allowing them access but tracing where they are coming from and giving nothing away….? Maybe one of our antivirus/internet protection companies can come up with a way of fighting back or would that put them out of business…..

David Harley

John, I promise you that the security industry would be very happy to fight back more effectively, but the technological options for doing that are very, very limited.

Mike

Just had the same CLSID followed by eventvwr from CMD line prompt crack call. I was called from this number – 00016076259911. I am in New Zealand.

Cat Lewis

London, UK here.

Just had the same phone call as all of you! Unfortunately, my mother had recently been caught out by this scam and I have been dying for them to call me! Today was my lucky day. Fortunately, I'd just made a coffee and was settled in to completely waste these scammer's time.

It is unforgivable that they prey on unsuspecting people with little or no computer knowledge. Has anyone ever notified Microsoft of these people? The company that called me were Nexus PC Solutions.

I thoroughly enjoyed wasting 71 minutes of their time before I told him that I was well aware of the CLSID scam. He replied that I was "talking like an illiterate child"!!! I laughed!!

I said I was also registered with the Telephone Privacy Service and that I would be reporting his company to them as well as notifying Microsoft.

Is there a website that names and shames these scammers. If not, there should be! – Just simply for people to type in the name of the company calling and see if they are listed.

All the best to all of you.

David Harley

Thanks for the info. Unfortunately, “do not call lists” like the TPS don’t offer any protection, as most of these calls originate in India: as one of them said to me, they simply don’t care. Microsoft is aware of the scam in general, but by all means notify them of this individual call/company: they’re much better resourced for trying to take down malicious sites than most AV companies, apart from the fact that they usually claim MS certification. I’d love to see a site that names the culprits, but verifying the malicious sites and keeping the list up-to-date would be a significant challenge. We’ve listed many of them in the past in the blog, but they change regularly. One site I’m looking at right now has at least half a dozen known backup URLs…

an2ni

lol. I just finished a call few minutes back. I really wanted to go down the road and see how will they move forward pretending I don’t anything about stuffs. Unfortunately i’m late for work thus asked the guy to give me a call tom instead. he pretended to be from an outsourced agency by Microsoft. I asked for his name, but didn’t bother to remember it. He called from +2538020308

Sydney Australia. Yes I too received a phone call last night. I was put through to the supervisor, who was in "Brisbane" , when I asked for a phone number so that I could call back, the line went dead! As soo as the call started I turned off my Wifi, just in case I did something silly, but I played along with the game. The call came in on a landline, but next time I'm going to have a boat air horn ready. The ones that run on compressed air and are $20 at Whitworths, or the Boating warehouse. The really scary thing is that my phone number is only been connected to me for 3 months. It is a non listed number. So someone in TELSTRA is giving the information to the scammers.

Anna

Montreal, Canada. Just received this call (assoc, Event Viever, CLSID). The guy said that he is from Microsoft Support and they were reciving reports lately from my computer and that it looks that it has some malicios software and they will help me to remove it. The thing is… my computer lately DID HAD some serious problems!!! That's why I did believe him at the begining! But after some time I started to suspect something (they knew my name but the address was wrong, he thought that I was running Windows 7, but I have Windows Vista) and when he asked me to type in the Run I was sure that's something is wrong and googeled it. I told him that it looks like scam and hang-up. They called me back thre times right away after that each time from different phone number. I don't think that they get your contact details from phone book because they knew my first name which is NOT in phone book (only initial), but they had wrong address and postal code which is IN the phone book.

Anna

An addition to my previous post: what they wanted me to type in the Run window was triple W dot SUPPORT dot ME (this forums software automatically discarded the web address from my first post…)

David Harley

Yes, I’m afraid it does that. It’s as an antispam measure, but as we moderate anyway it may be a little over the top. Anyway, thanks for the information: I’ll take a look at that.

David Harley

Ah. That seems to be a way into logmein.com, who make a legitimate remote access tool that the scammers are fond of using to get access to a victim’s machine. ammyy.com is also a favourite.

Ben Charlton

YES IT HAS MADE IT THE UNITED KINGDOM
I had the exact phone call today and from an Indian guy, I almost fell for it but as soon as i saw the free software from ammyy.com I gave him the hard line and told him where he can stick his cold call. I live in the south of the UK, and after I was searching to find out what the cls id was because I worked out it was a scam because they could use updates or windows defender to fix my computer, and I found you its exactly the same scam and same people it was quite uncanny. I was'nt stupid enough to fall for it but almost, lucky I no internet security and I am doing a HNC in IT which is like a first year of a british degree. Thanks for the info Ben

David Harley

Thanks, Ben. Yes, it’s very, very common in the UK, and a lot of my blogs on the topic have actually included content from my own exchanges with support scammers…

Roly

Same deal eventvwr CLSID#. i am in New Zealand
Played along to see if I could learn something.
When they hit me with the CLSID I panicked & shut my computor down and told them to +#$% off.
A quick check allayed my fears about the number not being unique. But not being familar
with that file gives one a bit of a hot flush.
They knew a lot of personal info, kinda scary. But I guess we are pretty active on the net.
If you pretend to go along but require verfication of their company ID they have quite a patter
to try and make you a believer. The foreign accent, noisey voip, and a kind of bazaar like persistence
is a dead bust from outset.
I can see how they could persuade new net users into logmein or though.

David Harley

Thanks for that, Roly. Good point about internet activity, though some of the calls I receive seem to suggest random calls rather than good intel. But that may be because I’m more paranoid than most about my personal data.

ANdrew

Just had another one, sigh. They phone at least once a month. I jollied the chap along for 15 minutes until I got bored and asked him what he told his mother he did for a living and if she was proud of him. I explained how goofy the whole evntvwr, CLSID schtick was. He got quite prophane with me (I was being polite) and then hung up. People must be falling for this with enough frequency to make this worth the scammers effort. Nothing clever, just social engineering.

Philippe Lagace

I'm having so much fun with this. Received two calls in two weeks. This time, I was able to keep them on the phone for 43 minutes before they got fed up with me. I make them repeat at least 4 times and I'm playing the dumb in front of my computer. But of course, I never grant them remote access to my pc :-). Can anyone beat 43min?

David Harley

Not me. I usually get mad before they do…

Patrick

I am so tired of these guys man. I have been getting phone calls from them over the past 5 years I worked in call centres I've done internet tech support I build computers from parts and install windows and make them work. To then say they got my clsid ip or w/e. I'm am the most knowledgable guy in the house on computers and I always get these calls. I yell at them and there is nothing I can do. Hes saying hes calling from mainmtence department of pc tech and there are errors from my computer. He wanted me to confirm the CLSID number but I had family beep in so I put the guy on hold and when I went back he had hung up already. I asked for a supervisor and hes stated he was the supervisor there has to be something that can be done cause these guys drive me batty and I'm already batty to start with lol.!!

Jimmy

Same here in London Ontario Canada. Came from 1-999-910-0103. Looking for the CLSID code.

Gavin Cooper

South Africa. Just been thoroughly fooled by these guys!
Had a message on TrustPort anti-virus status icon a week ago that the malware protection part had expired. (TP software was sold me by similar guys about a year ago after my free AV apparently expired for about a month – believed them my PC was full of viruses in the gap; let them in to clean up) Hence, when these similar guys phoned last evening I was softened up to think something may be wrong wrt malware! Coincidences!? I was foolish enough to let them in on ammyy and they showed me all the stuff you mention in your article above. I paid for Seal, P2P, and Web shield whatever this means. Am busy trying to reverse credit card transaction under non supply of goods (software) and fraudulent transaction.
They now have a lot of personal information which is my problem but having let them in probably twice, is my computer compromised to the extent they can get in when they want in future? I fear if I get a bank charge reversal they will do something evil to my PC. They were from Eprotectionz.

David Harley

Thanks, Gavin. Unfortunately, there’s no way I can tell you to what extent your PC has been compromised. There’s obviously the potential to install a keylogger, for instance, but that doesn’t mean that’s what they’ve done. I don’t know what Seal is, though there is an encryption algorithm (not a product) of that name. In this business, we tend to come across P2P with reference to Peer-to-Peer distributed software, but that could mean anything. And Web Shield may refer to a product by Avast!, but it could just as easily refer to fake AV of some sort. Eprotectionz is definitely whiffy, though. Since this is an AV site, you’d no doubt expect me to recommend using a for-fee antivirus product anyway, but in this case I think it’s worth your investing in a good general purpose security product, rather than a freebie. That won’t _guarantee_ that you’ll find any malware left on your system, but it will increase your security.

Bricolux

Thanks David for this useful post. I always thought the CLSID is almost unique to each computer but it is not. I just got such a phone call from the 004259981533 asking me to grant them access to my PC throught , which I DID NOT of course! They also assured me that they identified me with my CLSID as you mentionned. Scammer are getting more and more ingenious and I understand people can get abused.
Thanks again

Gavin Cooper

Thanks David for your comments re my earlier posting (29th Dec).
The good news is Eprotectionz (with South African local number) has refunded my credit card (although ETprotections were the "suppliers" or contact email.) So to all those who are taken in to the extent of payment, immediately request a refund (within 48 hours). These companies have websites and appear legitimate. The fraudulent part is accessing individuals by phone and then convincing them there is something wrong when there isn't. What I was sold is similar to the extended warranty they try to sell you when you buy a new car – they guarantee to sort out problems for 4 years in the option I chose. If I have a problem I call in my local IT man, so I do not need this kind of suspect assurance. After "cleaning" my PC they left behind ATF-cleaner and WinUtilities Pro which are free downloads I see. My question now is are these extras really useful and does not Windows System Tools do the same things?

Gill Davies

Ho. Just got yet another of these calls here in Jerdsey, Channel Islands. I know many others have had the same call here. On one recent occasion when I led the Indian-sounding woman caller up the garden path and let her think I was accessing my computer, then asked as an aside "do you do these scams often?" She shouted at me "You b….y shut up" and slammed the phone down! Despite that I have had 3 subsequent calls, although when they hear my voice they can obviously check their screens as they do not proceed with the call, although they ask for me by name. I am now reporting it aain to our local tepephone company with the number which seems to be from the Bristol area of the UK. The names and phone numbers are not readily available outside this Island and must have been from a list from a website, as one of the recipients of the call does not have a computer herself, never has access to one, and can only have given her name and address when booking flights, as she has no outside hobbies or clubs who might have this information. Also she is listed in our Island phone book under initial only, but was asked for by Christian name, which is an unique one as it happens. The most likely airline is therefore either Flybe or BMIbaby as these are the two she has used last year, as have I. Will keep you all posted on any developments. BTW they indicated they were calling on behalf of Microsoft Customer Support.

David Harley

Interesting. Thanks, Gill.

Olle, Sweden

Just got a call from these guys today. Said he was from Windows (spoke very bad english (Indian/African/Asian)) and that I had a problem with my computer. He wanted me to turn on my computer so that he could show me. I said no and hung up. He called again but I did not answer. The number calling was 004259981533.

Michael

Just got the same call in Singapore 12 hours back, CLSID was same as one quoted above .. 00C04FD7D062

John

Here in Sydney, Australia, I had two successive calls trying this scam on, about 30 hours ago – on Sunday afternoon our time.
I have been in computing toooo long. OTOH I am much more clueless about Microsoft than a lot of other things. So, when he told me that there had been a security breach on my computer, I asked for the IP address that he was receiving the info about. (Then I checked my current external IP address.) He hemmed and hawed and gave me nothing.
It turned out that my wife was also online at the same time, using the same external IP address but a different port. (We are both using private addresses locally.)
I eventually hung up but he called back.
So when he went through the schtick about running assoc from the command line, I got my wife to do the same. As he read out the the string I was able to see that the 'unique' string on my computer was the same as on hers.
Soon after that I told him that waht he was sayhing was ridiculous, and hung up. He hasn't called back (yet?).

Jamie

Philippe Lagace Says:
December 22nd, 2011 at 9:30 pmI'm having so much fun with this. Received two calls in two weeks. This time, I was able to keep them on the phone for 43 minutes before they got fed up with me. Can anyone beat 43min?

jamie says:
wow, 43 minutes! i got bored after about 13minutes going through the motions. My caller got so excited once i took the initiatl bait and went to the command prompt. even after me telling him i knew the number wasn't unique he persisted going on about viruses and other issues. Even me explaining to him that i knew he was trying to scam me didn't stop him, immediately. he finally said he would stop wasting both of our time and hung up.

Chris

Chris in Canberra here,
got a call this evening. First time they have asked me to go down this path. Led them on of course, I wasnt even at my PC, and told them them the CLSID was different to the one the gave me. The woman was so suprised she asked me to check.
I then asked her which PC in particular was a problem, as I have 5 wirtual machines all hooked up behind ISA Server and a router with SPI. once she figured I wasnt the numpty she hung up, after I told her in no uncertain terms to go away and never call me back
W

Rob

Rob in Adelaide here,
Just got the same call 5 mins ago and Googled CLSID scam and got to this web-site and so was able to relax and have some fun with this guy. I've had a lot of scam calls in the last 6 months so I've developed a technique that turns the experience into an enjoyable one. I start by asking if they are religious and without waiting for a reply ask them if their God would be happy with them lying and stealing. I then launch into a tirade about how they are a thief and a sinner in the eyes of God and will surely burn in hell for eternity etc. If they are still on the line, I tell them that I am a family man that works hard to support my family and how would he feel if some-one was trying to steal from him and his family and that he is a criminal and a thief and that he should get a real job etc. The key is to keep asking rhetorical questions and don't give them a chance to respond. It is really satisfying that in the end they hang up on you. Give it a try, its lots of fun.

David Harley

Interesting approach, Rob, but not one I’d be too comfortable with myself…

Bina

Hi guys i just got scammed yesterday! didnt think of googling yesterday. I have told them to call me back today. DAMN IT, i got them to remote to my PC from ammy.com. What should i do now?

David Harley

We can’t really give you direct support on this: better if you can find someone IT proficient to help you, even if you have to pay for it. I haven’t actually been through the process of cleaning a system compromised in this way, and a step-by-step isn’t practical.

If I were you, I’d tell the guy when he calls back that you now know you’ve been scammed and demand your money back. From time to time, that actually works, apparently. More probably, they’ll argue and bully: if so, just drop the call. Shut down your system while you’re talking to them, or disconnect from the internet.

You probably need to get the AMMY software off your system. It’s probably not infected as such (it’s a legitimate utility) but I’m not sure how easy it is for these guys to use it without your knowledge. You should be able to do that from the install/uninstall control panel. If you can’t, get help from someone local.

If you don’t have AV (or have something they’ve installed for you) try one or two online scans: if they come up clean, the chances are that there’s nothing actually malicious on there. (In general, these guys take your money for doing nothing much, rather than introducing deliberate infection.) We have a free online scanner (www.eset.com/home/products/online-scanner/) as do other companies but you should install a proper PC-hosted scanner as well (do that afterwards). Perhaps a full internet security suite rather than just AV. It doesn’t have to be ours, of course, but we happen to think it’s pretty good.

I can’t guarantee this will fix it, but those are approximately the steps that a real support tech should take.

Bina

Just to add to my note above, the number was from an unknown Name and no number was displayed,

Joana

The scammer woke me early on a Saturday morning, but his South Aisan accent was so strong that, after several "I beg your pardon, can you repeat yourself?" all I could make out was "Microsoft" and "CLSID". I must say, I did walk to my computer before it occurred to me this probably was a scam. I asked for his phone number and he hung up. So I googled "CLSID" and clicked on this website. Does everyone experience a strong South Aisan accent or are there scammers who call but have another accent or no accent (if I may indulge in the Pacific Northwest conceit)?

David Harley

All the scams I’ve seen seem to have originated around Kolkata or New Delhi, and most of the reports I’ve received have mentioned the caller’s “Indian” accent. This isn’t unusual in cold-calling generally, and not all cold calls are fraudulent, though most of them are annoying. In fact, I suspect that some legitimate businesses farm are offshoring marketing calls to sidestep local “do not call” lists and legislation. And I’ve an idea that some of the callers are unaware that the scripts they’re following are actually fraudulent: in general, the callers I’ve talked to haven’t shown any indication of real IT proficiency. None of which makes it less irritating, not to say pernicious.

I have seen come across just one report that mentioned the caller’s _English_ accent.

Rod

Edmonton AB Canada here…
I get these calls all the time, almost like clockwork, in the afternoon, in the evening, first thing in the morning… always somebody with almost unintelligible English (why they don't find someone who can speak clearly, I have NO idea – it would increase chances of a successful outcome for them in the western world). I've responded many ways: anger, threats, politely, compliantly, dumbly, knowledgeably… it doesn't matter, the calls keep coming. I got one yesterday afternoon, and another at 8:45AM this morning that got me up after a late night in my observatory.
Anyone who has allowed these scammers access to their computer should take the threat very seriously. If all they did was install a keylogger, everything you type on your keyboard may as well be emailed directly to them – they'll see every keystroke, every password, every detail you enter into your financial tracking or chequebook software. Even worse, you may have given them personal info about your friends and family if you have a "busy" Address Book or Contacts list.
I know its not a popular option, but if I were you, I'd backup all the data files you want to keep – BUT NOT PROGRAMS – onto a flash drive, then reformat the computer hard drive (better yet, spend $70 and buy a new hard drive to ensure you're not dealing with a serious rootkit problem), reinstall a fresh version of Windows, change ALL your passwords to your computer and websites you access (FaceBook, Twitter, your online bank, etc), and reinstall whatever programs you need direct from website downloads, or from your backup CDs/DVDs. In other words, erase your previous system entirely and start over. Then talk to your bank about what's happened, ask them to watch for transactions above your usual amounts (if your typical credit card charges are around $100, ask the bank to contact you about any charges above $200 before putting them through), or worst case, ask for a new credit card and cancel the old one.
Yeah, all that's pretty extreme, and a LOT of inconvenience. But you're dealing with people who DO NOT CARE ABOUT YOU, OR YOUR WELL BEING, and are only too happy to send you a monthly bill for bogus services or products until Eternity, destroy your credit rating, sell your credit info to their pals, and steal your identity to resell to god-knows-who. To these people, you are just a walking ATM machine.
Once you've let them access your info and your computer, you HAVE TO ASSUME that everything you gave them will be emailed to thousands of internet criminals as soon as you hang up. If you're lucky, nothing may happen… but the news is full of people every day who are not this lucky, who's credit rating is destroyed or their bank accts emptied by these criminals. Its the ugly side of mass internet use.
MICROSOFT WILL NEVER, EVER, EVER CONTACT (PHONE OR EMAIL) ANY CUSTOMER ABOUT A VIRUS OR MALWARE OR ANY KIND OF PROBLEM. NEVER EVER EVER. NEVER. Anyone calling you claiming to be from Microsoft, or from a Microsoft tech group, or a Windows service agency is NOT your friend, or trying to be "helpful". Unless you enjoy wasting your time by playing with them, just hang up. Put their caller ID on your call-screening list (sometimes that works, but not always), and just don't play their game. If you don't play, you can't lose.
Good luck out there – and be careful ! :)

David Harley

The fact that most of the callers sound Indian has a geographical basis: every instance of this scam that I’ve seen seems to have originated in India.

I agree that once you give a scammer access to your PC (not to mention your credit card) you’re open to all sorts of abuse, but I’ve seen no proof to date of complicity between these scammers and those responsible for spreading rootkits and the kind of major financial fraud we associate with some botnets. The software most likely to be installed (apart from the remote access software, is usually a free version of something legit) is an evaluation copy of some security software. That doesn’t, of course, mean that they never install something frankly malicious, and it certainly doesn’t mean there’s no way they ever will, but I’m not seeing reports that indicate that it’s happening at the moment. So a complete reinstall and replacing hardware is a bit over the top, perhaps. There have been instances where a system has had to be rebuilt, but as far as I know, that’s tended to be because of inexpert modifications by the scammer, or because the victim called in a tech who may have overengineered the fix.

It’s actually not quite true that you’ll _never_ be contacted about potential problems with your system: there are, in fact, circumstances in which an ISP, for instance, might be contractually allowed contact a user (directly or through a 3rd party) because of malware transmitted from his IP address. At present, that’s a very rare scenario, but when/if more ISPs favour the “walled garden” approach where your access to the internet is dependent on your having a clean machine, it’s going to add an extra layer of complexity to the problem.

John

I've had a couple of these calls. I was having a cup of coffee and stroking the cat at the time so I decided I had a few minutes to play with them. Firstly I pretended to mis understand al most everything they Indian gentleman said, i.e. "press the key, windows, R for Romeo", I don't have a "Romeo" key, I have ctrl, shift, esc, etc etc

Then when I led him to believe I had Linux running on my windows PC, by mentioning "Gnome" comes up when I press windows and r (I don't, I have a Max with OS-X lol) he gave up.

These guys must con a lot of vulnerable people though!

Matt

Brisbane Australia, had an indian woman claim she was calling from PC Solutions, and also claimed she was in Brisbane despite the deafening delay in our telephone transfer. I got past the CMD part where she feigned that my computer was doomed and she was going to transfer me to her manager who knew how to deal with these types of these things. She kept reiterating all the issues when I said I didn't have time and i'd work it out via google, which brought me here.

brian normansell

yes i have had a lot of calls from indian speaking person who claimed he was from microsoft and my computer had lots of problems ,viruses etc and that 12 digit number on the send to target was my identiy for mirosoft .i acted a bit dumb and kept him on the phone for a long time,but i thing he lost his rag in the end,asking me if i could speak english.i hung up on him then

Jake

Just got a call from them, I'm an A+ cert tech. I had alot of fun with these guys. The guy on the phone had an Indian accent, I asked his name, he gave me Martin Smith… Really? HA!
I also got the phone number 1-315-285-4200 which I called and got someone who answered the phone as "IPC Support" in NY City. Same as the caller.
And by the way, I run Ubuntu Linux. I asked him to tell me what version of Windows I was running, he asked "7?"
I will try to report them to whatever authority handles these things. Maybe getting a story done on the news would be more effective?

David Harley

There has been a trickle of stories in the UK press in the last couple of years, very little elsewhere. Unfortunately, guaranteed pickup of a security story by the mainstream press is a bit out of my skillset.

George

Wow It's reached South Africa, really guys? Just got a call from an Indian guy saying that my PC has had some errors and that he can fix them. He assured me he was legit. But Imediatly it didn't make sense to me, I studied computing and have no problem fixing my own pc and I also know that the number he provided is easy to obtian so I told the guy to stuff it. Being intrigued afterward if anyone else has had a call like this I checked Google (google is your friend) and now i'm here… Still pretty hilarious that it's come all the way to us though.

Verlin Penner

Cartwright MB Got a bunch of calls from these guys. These are the caller ID numbers they used all within 10 minutes.510-943-3040 + 999-910-0119 + 123-456-7890. They said they were calling from 24/7 PC Help or maybe Health. Desperate that my computor had a virus & they were going to fix it. I said thanks I would call Inetlink my service provider & have them call 24/7 PC help back can you give me your number. NO, NO sir you do not understand, We are your General Service Provider, Inetlink is only your local company only we can fix this problem can you please go to your computor and we will HELP you through the process. umm well tell you what guys no thanks but ill call the guy who sells me my computers and have him check this out or call you back. Then they hit on a really good punch line. Oh NO sir Only YOU can make changes to your sevice account no one else can make these changes for you. DO not let anyone else take control of your account. uh huh bye & i hung up & called my sales/repair man who sent me straight here thanks alot.

Verlin Penner

Addition to above. Yes they were on this CLSID code all the time said only they carried this code only they could help me. Then when i hung up they called me back 5-7 times. What kinda riled me up was that after i hung up on them & waited 5 seconds like usual i tried to make a call & they somehow still had my line open they were right there ready to go again. i hung up again & waited 20 second, they were Still somehow holding the line open. I do not have VOip or anything wireless how were they doing that. Then they called back 5-7 time one time it went to voice mail so i could here a little bit of noise then they hung up but when i picked up the phone again to dial here they were somehow still on the line. THANK-YOU

ry

Got the call 3 times this month. I asked for the phone number and they gave me 1-866-948-2934. Having been through this before i called him on it and all of a sudden he couldnt understand english or speak it. Then the so called supervisor called me back, claiming that he is calling to say everything is ligitamate he called from 1-132-354-2152. Im from toronto, ontario. my phone number must be on some kind of india call list as they call daily to see if i need my ducts clead too. so annoying.

Shan

Yes I got a call from One Stop PC Solutions saying that I have lot of error messages in my windows PC and sending these errors to Microsoft and we are the one chosen by Microsoft to support the windows users for any malicious progrmas installed for clenup. We have report saying you have lots of erros reporting if you don't clean up immediately these malicious programs may crash your pc.Microsfot gave your personal information to call you and support the erros you have in your pc. Such as rundll32.exe is the process information.
The person called Robin White from One Stop PC Solutions and I asked him his phone number and company he gave this information Phone number 1-201-338-6142.

If you come across this kind of ananymous calls do not answer and accpet whatevr they are saying.

THESE ARE SCMMER CALLS
Good luck

Happy PC

I don't answer my land line. The only people I need to hear from, have my cell #.

RaiyN

YES IT HAS MADE IT TO SINGAPORE!
Being Indian myself, the Indian guy holding the name Henry Peterson immediately threw alarm bells. I told him I would wait for Windows to release a Malicious Software Removal Patch and upload that. Thank you and goodbye!

SteveS

I just got a call from a scammer who said she worked for PC Solutions who rang from 02538020308. She said that over the last two weeks they had received information saying that my PC was sending MALICIOUS messages to MicroSoft and she wanted to help me to fix my problem.
I asked if she had a Web Site that I could look at? This threw her for a minute and she said pertly "Do you want to proceed with this call?" We went through the steps exactly as detailed above – Command Prompt – Assoc – CLSID. She read back the CLSID and said it PROVED that she was calling from a reputable company since she could read this number back to me.
As she was talking I was trolling through the internet and suspected that this was a fraudster!
Thanks very much for your comments — spot on!

Ani

l got the phone call today.. (UK) l`d never heard if this scam.. He ended up putting the phone down after 5 mins (and l`d been passed to his superviser) LOL… l`ve now emailed this to all my contacts.. Put it on Facebook and notified the police that it`s going on in my area.. The more people aware of this the better.. l`ve been on the net for over 10 years and not heard about and apparently the scam`s a few years old.. So please tell everyone.. Be safe ;) x

David Harley

Thanks, Ani. We’re really trying to get the word out. :)

Remedy

Im in NZ and have had a heap of these, always try keep them on the line as long as possible – just reached 37 minutes. This time had the CLSID stuff for the first time.

Julie

Hi just hung up from this scam. Somerset UK. I was almost fooled, the Indian person was very persistant. Witheld number. From One Stop PC Solutions.com asked me to click 2nd technician that my computer was sending virus's.
I did download the AMMMY file but did not open cause I was getting concerned.
I hung up but the person phoned back and left an abusive message on my answer phone.
I was looking at onestoppcsolutions as I was talking to him and it almost seemed authentic, if they have a website which they use to interact with you surely they can be traced. I no very little about computers so apologies if what I am saying makes no sense.
They said they were calling on behalf of Microsoft and took me to the foot of the web page to prove authenticity.
Please can you tell me if my computer is going to be ok? More important my private information, credit card, bank details etc

David Harley

Julie, thank you for that information. Yes, if the website is genuine, the company can be traced, but getting action taken is rather more difficult because it requires cooperation across borders. We’ll pass the info on, though.

If you didn’t open the AMMYY file, the scammer probably wasn’t able to get access to your system to do any actual damage. (In fact, this type of scam generally doesn’t result in deliberate damage anyway.) If you gave him any financial details, you need to contact your credit card provider, bank etc.

from Paris

It has just made it to FRANCE!
same scenario: a call from a woman with an indian accent, CSLID and so on. I got almost fooled by the CSLID trick, but became really suspicious when she asked me to type an internet adress. I decided to check on the internet, and stumbled upon this thread. I read her some of the posts on this blog… no reaction. I eventually hung up.
Anyway… thank you!

David Harley

Thanks for that. As a matter of interest, did she talk to you in French or English? We’re seeing an increasing geographical spread, but so far no reports of using other languages. Of course, I have to wonder whether that’s next.

from Paris

She talked in English. Actually – I now realize how stupid I was – the fact that she spoke English made me think it was legit. We get a of calls from offshore call centers, but they are always in French (usually based in North Africa, as you can tell from the accent). I thought: why would a call center from India bother to call in France, if it was not for something important? But, yes, an interesting geographical spread indeed.

Mike Comerford

These scammers now seem to be calling Vancouver, BC area. All the detail is almost exact. The caller was definitely from India with poor command of the language. The CLSID was exactly as mentioned, which really makes you think they can see into your computer. They did the event viewer thing, but when I resisted, he passed me to a supervisor. He said he was from Global ITSolutions, but I somehow doubt it. The name provided was Adam Shaw & his call back number was 1-800-831-0471, which appears to be a bogus number. They then wanted me to pass control to them, by logging into ;
This is all pretty scary. I know my stuff pretty well, but seemed to have knowledge of the fact that I had recently installed a new Win7 machine, that operated on the same LAN as another recently purchased Win7 machine, that shared a common Internet access and that this was at the heart of the problem. Their personal knowledge of these recent events is what ALMOST made this work. I can't imagine how they could know this info. The internet access and the wireless router have been in use for years. Be careful out there.

Frank

I had a call earlier today asking me the same thing. She had an Indian or Pakistani voice. I asked who she said was from again, and she said Windows. That they had received error messages from my computer. She asked me to type cmd in the run window and then assoc and to look for the CSLID. She asked it the numbers were the same as mentioned above and asked for my permission to go into my computer. I said no one goes into my computer. She said she understands my concerns but said that this way, they can see which files contain jumk or malicious viruses. I asked her name and she said Denise Smith. I said well I am not letting anyone get into my computer. She said I can cal back later if I want and I said ok and asked her number. I wanted to see what she gave me. She said 323-919-8311. I asked what area code was 323. I had my phone book out and was looking up area codes for the the states. She said California. I said it doesn't show any area code of 323 for California. She said it was a toll free number. I said ok and hung up. I did a reverse number look up and it was a California number but was a cell phone. I have caller ID on my phone and the number showed up as 510011. I googled about CSLID and found this site and read other posts. I am glad I didn't do any more with her. I don't have a credit card, so she wouldn't have got any money from me anyway. I am guessing my computer is safe since I didn't go further with her, other than checking the CSLID number.

Frank

I do have 2 desktops. One in my son's room. It is wireless and it has the same CSLID number as this one.

Mark

Nice, I was not as good as the guy who kept 43 minutes. I could only manage to keep them for 27 minutes on the phone.
A certain Ms Janet called me from Windows Technical Support.
Claimed that my computer had problems and they wanted to fix this.
Funny thing is that my computer is having a lot of BSOD (Black Screen of Deaths as well as Blue Screen of Deaths) due to some harware malfunction / incompatibility.
So I thought, okey – lets see what happens.
Cmd prompt. Taking me to the INF directory of windows, asking me if I recongnise some of the files. As a matter of fact I do as these are Driver files if I'm not incorrect.
She heard me being cautious so she took me to Prefetch Directory asking me to type Prefetch "JUNKS" as to further hit on the issue that I was having problems with "junks file"
Now she wants access… and no, there is no way she will get access. She wants ammyy.com connection and I refuse.
She tries the Cmd prompt. Assoc and clsid number. Telling me how unique this number is.
She claims that it is free?? now but later it will cost money, but "sir, you decide"…
So I tell her that she can give me a Knowledgebase number for this problem that "affects thousands of people". She has none.
I ask her to tell me which departament she calls from. She claims Windows Tech Support. I tell her that I want to get into touch with Microsoft and verify her story. She claims that Microsoft doesn't call people, Windows does. Okey…That's new to me. So what number does Ms Windows have… since she is calling me, obviously she has a phone. I want a number. She has none.
I tell her to share the "findings" with me – so that I can tell my "security people" what is wrong.
She can't. Claims my computer has connected to other computers when doing banking and buying online. And that I now have corrupted files and other computers have access to my computer.
I have to give her 10 points for being persistent. But 0 points for being a dumb-ass.
When I tell her that she is dealing with high security and confidential information on my computer and that I will alert my departament of security to verify her person, where she works, eats, lives, and what her parents have for breakfast, she hangs-up.

I hope someone scams her parents really bad. Takes all their money. Maybe then will this little pathetic creature understand. People like this deserve no mercy. No second chance. No clemency.
I run computers as part of my life. I use encryption on HDD including operative systems. I use all necessary protection with online activities. But nothing will help you if you let them connect to your computer. Funny thing is that my warning lights came on, but since my computer has reported BSODs to tech support, I was very curious in what the heck this is.
NEVER EVER LET ANYONE CONNECT TO YOUR COMPUTER. MICROSOFT (NOT WINDOWS) DOESN'T GIVE TWO HOOTS ABOUT YOUR COMPUTER FAILING OR RUNNING SLOW. THEY WILL NEVER SPEND A DIME ON YOU TRYING TO FIX THINGS. YOU'LL HAVE TO CHASE THEM.

Dave

Hi there. Had a similar call this morning – previously put the phone down on these calls. Played along with the caller who went through the CLSID process and event log to find errors and then wanted me to permit him into my PC via . I then refused and he tried to reassure me by giving me his name and phone number – 0800 404 6964 and he called himself Techi4you, a windows service provider. No response from the phone number as expected. The original scam call was from an International address and the caller sounded indian. Interesting aside was that the errors on my PC were being reported to the service provider and afret 3 days of errors, they identified my phone number from my PC's error message. Big brother really is watching!!
Never let anyone remote into your computer.

ron from somerset uk

Called this morning from techi4u with backup website etc www …. com.au very plausible approach to the unsuspecting.
Only managed about 20 mins talking and he gave up after insisting on an email address where I could contact him.

Jason

Hi guys… yup.. Moncton NB Canada.. got one of the calls as mentioned above tonight… only got as far as showing the CLSID..then I asked how he got my number and what my name was….he says from the information provided by microsoft and the ID, he could do a trace and get my number…of course, he called my number but it was not my name, but was not my name listed in the phone book …lol..eventually he tied to accuse me of sounding like a HACKER…hahahaa… right back at ya buddy !!! They then got verbally abusive and hung up. Don't you dare try to fool a 25yr Electronics/Computer Engineer…..dumb-a$$.

Jason

oh yeah… I had him on the phone for 44min. !!! lol

Erin

From Alberta. Just had this phone call. Was on phone for 25 minutes. Had hard time understanding him and east Indian accent. Stated he was from Microsoft Windows Support and that my computer has been rending him errors. He showed me the CLSID, and everytime he had me look up something ie. eventvwr.. and told him how many events there were he would cheer "oh my God, we need to get this taken care of right away!" …He was trying to lead me to onestoppcsolutions.com but hung up when (luckily for me) I couldn't get my wireless internet connection. I immediately googles it and found this site. YIKES!

Looroll

Hello,

Just got this call! I was passed to manager lol, he tried it on with the CSLID business, as soon as I said it wasn't a unique number he tolf me it f**king and hung up! Unfortunately he was calling from a private number. Scary that this sort of thing goes on though.
Your article came up when I googled "Clsid scams" while talking to him. Thanks for the info :)

Keith

Got the call in Ireland! They've been calling me since I got my land line installed. I've missed the calls most times but I had researched the phone number and found out exactly what was going on.I have an excellent knowledge of computers so I wouldn't have fallen for it anyway but it was handy to know what they were going to say, try and get me to do, etc.
Managed to answer once and after a few seconds there was a man on the other line presumably from India also. He told me he was with a company that was working with Microsoft and that i have serious problems on my computer. I responded saying "I know this is a scam, you're never going to get any money from me and take me off the call list because they are only waisting their time" I hung up without giving him time to answer.
Got another call last night from 0119(shorter than any of the other numbers they have called me from).
He told me I had a problem with my windows and mac(i don't have a mac). he then went on to say every windows version was infected and listed out all windows releases since windows ME
Decided to have some fun this time to maybe annoy them into taking me off the list.
Only managed about 7 minutes on the phone leading him up the garden path. Pretended I had difficulty reading, he told me to click the windows icon. this took about two minutes at least. CALLER: "click once" ME: "oh no i've clicked twice, how do i do that, where is it" etc.
got to the event viewer part and pretended to type the commands he wanted. after getting him to explain how to do this about 10 times i told him i clicked ok but now smoke has started coming out of my machine. he knew then i was having fun with him and that's when he started getting really Irate. he started to tell me over and over that "I was a fool" and "we are going to punish you" then hung up.

So my thought is for all of us to waste as much of there time as possible thus stopping them from getting through to someone that actually might believe them.
Also there should be more warnings out there about this type of scam. I think all ISP/telephone providers should send a message with one of the bills they love sending out, to warn people of this kind of attack.
Or credit card providers/banks should send a message to all account holders warning them of every scam that is known to them. and constantly update customers as new scams come online. They spend lots of money trying to make your bank account safe so why cant they just put one small notice in every bill(not likely due to cost), or even a note on the bill itself, put scam info on their websites, or email every address the bank has available to them with warnings.
Maybe give one of the tabloid papers a call claiming to have lost an entire lifetime of savings to this scam. They'd probably run it without checking the source. Then we have raised some awareness. I wouldn't feel bad doing it to the tabloids. Most of the stories are made up anyway.

Peter Price

Brisbane, Australia
This was the second time I've had one of these calls. I looked up this site while I was talking, to try to find what the bottom line was. I eventually asked what they wanted from me, which they thought was a strange question. I was told that I would be offered some security program for $235.
The other thing this scummy lowlife said was that he would "block my computer if I didn't listen". Then he asked if I was married, and I told him it was none of his business. "Why is it none of my business?"… on and on.
Eventually he told me that I "could hang up now".
I tried the Melbourne number they gave me to confirm their business presence in Australia, and the same guy answered. But the original calls came from "Overseas" according to my phone's caller ID. I guess they've got some call redirection machine set up in Melbourne. I'll try ringing Telstra and see if they can do anything.

Keith

I rang my phone company to see if they would block the numbers but they said they can't do anything about it. these sneaky scumbags use different numbers all the time so it isn't possible to block them because they will just use another number to bother you next time.

they also told me to report it to the police because they have been trying to collect as much information as possible so they can attempt to take it further and stop this from happening.
all of our names and phone numbers are on a list and won't be taken off. I know they didn't get my details from my phone provider because my last name in the phone book is different to what they had on their list. they called me by the english version of my name which I have only used while providing details online.
We all just have to be more protective of our details online. I have even set up a second email account to help with this. any website looking for my email just gets this second address unless i think they are trustworthy enough for my real address.

chef hermes

Devon UK.
Just had one of these calls. Guy was calling for Microsoft outsourced company 24-7 something or other.
He got stuck when I went off piste & asked him to tell me what OS I was using on the 4 computers on my network.
Dont really understand either were he got my number from as it's delisted & private.
He eventually passed my to a tech guy & I told him that my best mate ran WebSphere at IBM with access to some of the best techies in the world. He then passed me on to his supervisor who called me a liar because I told him the CLS ID he quoted me was wrong.
Could have kept it up for hours, but after 30mins of them trying they hung up on me :(

Novice052

Just got this call today here in the U.S. Had a bit of fun with the fellow. He eventually told me, "have fun when your computer crashes!" Lovely!

Sylvia White

LOL I received this same call from the number 1-(210)-251-0011 *location San Antonio Texas and the fella on the phone told me he was from Microsoft Windows Support and informed me I was having issues with my computer and that they noticed the problem. I asked them how they accessed my computer and they informed me via my computers ID number and gave me the CLSID (I know what my product ID is and where to locate it and the number htey gave me I KNEW was incorrect) I played along and recorded them. I'm tempted to allow them to access one of my OLDER computers which I plan on formatting anyway and doing what I did today and that was recording them on video and making a total ass out of them… once he strung me along as much as he could I informed him the number he gave me wasn't the product ID for my computer that I had and that he had to be mistaken. I then informed him I was an IT professional which I am and he laughed at me LOL… kind of funny when a scammer gets caught in his own lie. Good thing I'm smart enough to know the difference, for one how the hell would he get past my network? I didn't give their company access to my networked system (people who access my website/network and wifi NEED a password) So I did find it quite amusing to see this idiot tripping over his stupidity. I just hope people learn that this is a scam and need not to fall for it. I plan on blogging about this and putting up the video in my blog :)

Corinne

Had these calls for over a year now, at least they've stopped pretending to be Microsoft, but they did try the clsid the last time. I just googled as he talked and quoted him what a clsid is, rather than his definition. Funnily enough he hung up – best one was last year when one of them insisted I must have a "My Computer" icon in the top left of my screen….nope, i had renamed mine and moved it elsewhere on my desktop, yet the idiot insisted it had to be top left and couldn't be renamed.

Phil

Listen to this scammer convo with the BBC’s technology correspondent Rory Cellan-Jones:

Montreal. I had so much fun with the entiry family. We were passing each other the phone and starting from the begining. Fake bathroom brakes and pc reboots… The Indian guy was very patient. But he will get pissed eventualy. After 20min and more. :)

joey

Just got this call a few minutes ago here in Winnipeg, Canada. The first guy sounds like Indian and sounds stupid. He transferred me to a lady who talks like legal. I'm suspecting so I asked her to tell me my ISP, she diverted the conversation. I asked again to tell me IP address. She told me she will tell me my unique CLSID (now I know it`s not) so she gave the Run-CMD-ASSOC command. At the same time I was googling. Maybe she noticed it's taking me a while so I might be doing something else to get her so she hung up. Next time I`ll get them… Be careful everyone…

Mel

Calgary here – yup received this call twice in two weeks. I keep telling them I'm not falling for this scam so stop calling, but they haven't yet. Don't fall for it. Microsoft people don't call you at home…they don't tell you to run something on your computer. They don't tell you to type CMD and ASSOC from your Windows tab and Search area. I don't have problems with my computer (other than normal ones). I have a third party virus program that I run as most Canadians do…(Nortan, Symantec, firewalls, etc).
Ask where they're calling from and ask them who they are calling for – "ma'am" or "lady of the house" tells you they really don't know who they're calling…ask how they got your number…ask for their number and that you'll call them back. Hang up. Then do the research because you'll find they're not legit. DO NOT fall for their scams.

Maria

HI
I am from Montreal and I just got a call a few minutes ago. The person had an indian accent and was acting like it was an emergency. He indicated that he was from Windows Support and that my computer has been hacked and that it is very important to fix it. He gave me the CLSID number that you mentioned above and wanted me to go on my comupter but I told him that I did not have time right now since I was busy. He kept telling me how urgent it was but I did not go for it and told him to give me his number and I would call him back tomorrow. He said he woud call me again but would not give me his name or number. Glad I read your article on this.Thank you Maria

Jane

Hi All – I'm from Australia and have had a number of calls over the past 3 days – different people – male and female – a couple of times I just told them to "F off". Tonight they called three times – kept the last guy on the phone for over 30 minutes – he said his name was Ronnie Smith – very suspect for an Indian sounding man. Anway he gave me his phone number of 1800 027 4106 and said he was a supervisor with 24/7 Business Support. The company has offices in Sydney, Canada, UK and US. They are a contractor for Windows technical support. He said he would help fix some system problems that were reported by my PC to Windows. I was suspicious and said I would call him back. Then I got onto google and found you all. How do you stop them from calling – I have previously joined the 'Do not call" register and will now update it.

Paul Crellen

Yes the convenced me with the same CLSID # and I even gave them brief remote access, but when they finally gave me a dollar amount I discontinued the call and shut off that computer, A week later my computer received came up with the S.M.A.R.T. HDD virus, coult I have gotten that from them,

David Harley

Paul, it’s possible, but we can’t really say without having been there.

Andy Jay

My neighbour got one of these calls, as have I. The CLSID is new on me, I used to ask them the IP address they were refering to. My neighbour has not got a computer!
Keep circulating the updates on them.

Rich

Got a call here in Sweden today, from the scammers, of which I was well aware of allready. This scam has now reached Sweden since many Swedes are fairly literate in english. I guess I was targeted since I have A Scotish surname as well. Their phone numer started with 0044…….something. I lost the number in my phone. (+ 44 is UK prefix). My girlfriend took their call a few days ago and hang up after they started shouting. Now i got the chance to enjoy them for a while.
I managed to hold them up for 41 minutes ;). I put my computer in sandbox mode for extra safety (with Returnil = a program that has a good freeware sandbox that restores ALL computer changes made until you restart your computer). Then started another PC on the side to google every command they suggested. Now I was ready to play :)
They ran the full manual with the CLSID followed by "eventvwr" from CMD line prompt where windows always logs minor issues. I more or less continiously asked how they could link my phone number with my computer to some slight pressure on them. I also repeatedly ask for wich Windos licence my suggested PC problem was concerning. Especially after they claimed to have found my name through Microsoft. They bla bla bla of their company was working for Microsoft, only recives a lists from technicians etc. I repeated all my questions now and then. and when the got frustrated I enterd one of their command to give them some new hope.
After the first girl with broken english (possibly african accent, not typical indian accent. Im not native english either) had almost started screaming i wondered why support had such an agressive tone ;) She then excused herself and transferd me to some other bloke.
This bekame a more or less a rerun of the first girl calling me. I stopped puting in command when they wanted me to write in a link to the remote program Ammyy in the dos command promt. The guy finally gave up when I ironicly asked why the CLSID number that was supposed to identify my problem PC was the same in both my running PCs (= 888DCA60-FC0A-11CF-8F0F-00C04FD7D062).
Unfourtunately I don't think they pay a lot for international calls. But I made at least two of them frustrated :)
SOLUTION suggested:
Next time I will ask them to call me on my mobile since my wireless phone needs charging when they think I will download thei program. Then I give them a number to some pay-number sight (suggestibly to the Red Cross or similar aidnumber with answering machines).
If they continue to call I will get a pay-number of my own ;)

Corinne

Just had another call. The indian lady from Windows support told me all 4 of my computers would crash within the next hour. I asked her if she wanted me to do assoc or eventvwr, she said neither, then tried to talk me into eventvwr. I told her their scam was all over the internet security sites and she passed me onto a supervisor to give me their company website address. He just continued on the eventvwr route – while i tried to tell him that calling me week after week won't make me fall for their scam and that none of my pcs will crash as they had said., and i offered to give him a web link to the details of their scam. He hung up.

Next one I'm gonna play along and keep them there for an hour

Chris

Here in cornwall the UK, Just had one on the phone for 40mins, he said the usual story and he told me he was calling from new york,
so i asked him if he had been on the golden gate bridge in central park! oh yes he said
so i kept on asking him random questions and then i started laughing, he was well pissed off when i said you have no chance mate. the penny dropped and i he swore and admitted defeat. he knew i had given him the run around and even started laughing and then hung up

Jack

Just received this call in Toronto , Canada. From a company called IPC Support () which lists itself as an online subscription-based technical support services company (bingo!!)….When he tried to get me to install Ammyy – I sadi no-way and hung up!!

André

Bunbury, Western Australia
Got a call today, exactly the same. I phoned my service provider IInet and asked them to add a malicious phone call tracking on my line. Now they just have to phone me three times while I record the dates and timesof these calls and I'll have their number. Then just hand it in to the police.
I am a bit dissapointed that they couldn't get the details of the phone call allready. I so want to stop these guys from harming any other people

David Harley

That may help if they’re the same company and calling from the same number. Bunbury, huh? I had a very pleasant brunch there a few years ago. :)

Iain of Australia

The best thing to do, is tell them you don't have a computer. They don't even say goodbye, they just hang up. Also I have a lot of old retired friends who don't even watch the news and nearly got stung by this exact thing, Make sure you let the oldies know.

Carina

This just happened to me and unfortunately I was pulled in because I know nothing about computers. I figured out about halfway through what was going on and shut my computer down. They have called me at least 20 times each day this week. I told them a couple of times that I do not wnat their service. Finally today I conferenced in my fiancee and when he confronted him, this guy went off on him in the most foul horrible language ever. Telling him what he was going to do to his mom and to me. I was so upset. Fortunately we were able to threaten him a bit and I don't think he will be calling back. I am however keeping the voicemail he left me telling me he is going f**k me.
Hopefully other people read all this article and DON'T fall for this crap.

Deb

Just had a call like this last night from an Indian accented femail who was most difficult to understand. I had to ask her to repeat herself a number of time which she seemed to find as equally frustrating as I did her inability to make herself understood. She wanted the system number of my computer and I asked her to tel me what it was if she knew I had a problem. She said it wes 888DCA – ha! When I asked how she'd obtained my phone number she ended the call.

peter connolly

Think I might have fallen for this. I ended the call having asked questions for some sort of verification and got none. I did enter something but I cant recall what. I'm left wondering if I've given them access or not. Very annoying.

Sam

Well, isnt this fun? Im in Washington state and received the CMD….assoc……CLSID call today. I held "James" on the line for about 15 minutes playing stupid and asking him the same questions over and over again. When I invented an "emergency that I had to attend to" and asked for a call back number he gave me 626-593-7191. Maybe he will call me again and I can do better than 15 minutes?

Glen

LOL – These guys… just tell them the CLSID does not exist and they give up. It has nothing to do with anything and is just a lure to sell you lame ware that you don't want, don't need – I can't belive they make any money.
I feel very sorry for anyone who has been taken victim by these people. Contact your bank immediately, block any transactions to the company, contest any money if it leave your account as it is theft and forgery.

Adam

Philadelphia, USA. Got a call on this today, 14 May 2012. Called themselves "Data Protection Services for Windows Microsoft" from a guy called Raju. Showed up on caller ID as "Unknown Name 000-053-2212." I was pretty sure it was a scam and pressured him for most of the time for a telephone number to call back, web site, etc. He said they had no web site, and I said what company in 2012 has no web site? He said he could not give me a phone number because their systems would be overloaded if I shared their expertise. After I suggested that he was trying to scam me, he started class ID gag to "validate." When he asked me if I knew what a CLSID was, I said yes, a class ID is a GUID registered to a certain program or com file registered in the OS. He said no sir, it is a Computer License System ID and it was a valid number from Microsoft. Then he asked my Operating System. I said if you have a Computer License System ID valid from Microsoft, you should know what OS I'm running? So he just said OK and skipped past that. Since he was still working from a script I found on this and another site, I said again this is a scam, he assured me no sir it was valid and immediately said he was transferring me to his manager. At this point I simply hung up. 2 minutes later I got a call back from a different unknown number, but didn't answer.

Brett

Well 3rd time they've called me now usually i just tell them to p**s off at start of conversation then hang up but today i thought id play along. They went the route of running a web address in the run command box something along the lines of or me cant quite remember as spent the whole conversation away from computer.
Obviously they was trying to get software onto my computer but i know enough to know that microsoft technicians aint got time to ring around fixing peoples computers. After making him believe id installed the software entered a 6 digit code an that nothing was happening i got put through to technician superviser for 3rd time at which point he gave me the code again b4 i stopped him to say sorry just wasted 36minuits of ur time(with a laugh oc), he left me with a farewell message of you bas***d no good swine.
Oh how that made me smile.

DL

They're hitting the US now. I just got off the phone with them. I played along for about 10 minutes. Damn India people. I finally got bored, ended up telling him that I'm not an idiot and was playing along and told him that he needs to speak better English in order to pull this scam off. He said "this no scam". I finally told him where to go and hung up. He called back immediately cussing up a storm in his "stacatto" way and told me where to go. I told him I was proud of him for using his English dictionary and told him to go eat a cow. He then hung up. No calls since then. Rather hilarious. Please people – don't fall for this crap. Why are so many people out there so gullible when it comes to computers/phone calls/emails?

Steve

Got semi caught out by this today but did not give them any credit card details. Presumably if they were downloading any dodgy software then I would have witnessed this during the supposed "fix"? They only had access for a short time before I bailed out and nothing appeared to be happening during this time i.e. the cursor wasn't moving around or doing anything.

Steve

Further to my previous post, at one point, I was asked to run a command and then asked to quote a 6 digit number from the results which I foolishly did. I cannot remember what this piece of data was called or the command but it was actually a 7 digit number but the woman only seemed interested in the last 6 digits. What are the implications of this? Could it possibly be used to gain access to my PC at any time?

Ron W

Just got off the phone with the scammers….I told them I suspected a scam and wanted a phone number to call to verify their company. I was given this number – (213) 438-9900 which I called and was answered by a person who said they would be calling me back on a recorded line as the number I just called was not recorded. Ummm, since the number I called was answered by a real person, what would happen if everyone who is annoyed by these scammers called and tied up their line??? By the way, I tried calling the number again and got one ring and a hangup…blocked my number did they?

Susan

Hi Just put the phone down to a very iritating indian whos main word wsa "right", very annoying, I got as far as assoc and started looking for scams on the web, he was getting annoyed after 20 mins cos i kept telling him my pc wsa slow "of course it is he said that's why you need to do what i ask!!!. Does he think I was borne yesterday. I do hope these scammers get their comupence (dont think thats spelt right) cos they really get on my nerves. We have this telephone privacy thing but obviously does not work!!

bob

2nd call from these muppets, managed to keep them on the phone for 40 mins while I was taking a lunch break. Took ages for my machine to "boot up" as he asked me to go to the oldest machine I had (it was already running) tried to follow his instructions but he was unhappy when I said this machine was Linux so we had to wait for another machine to boot up (not really :-) then I went into a total inability to carry out even the simplest instruction on the first (or even fifth attempt) – he was very patient. I even got transferred to his "Manager" at one point. Once sandwiches were finished I turned on the scews asking very specific and technical questions to which he had no answer and eventually he gave up. 10 out of 10 for an entertaining phone call. Waste their time and make their lives as miserable as possible !

Kevin

I am from Toowoomba in Queensland Australia and I got one of these calls from an Indian speaking person who said his name was Jason and he told me that my computer was infected from emails that I had received so I let him go on about it and he said that he could fix it for free and that all I had to do was to look in my computer for errors which there were and that he said my computer would crash and that my windows would be no good to me if that happened.
He then went on to tell me that he could fix the problem for a life time and that I would get support from them when ever I needed it for a one time fee of $419.00 and then when I told him that I didn't want to buy it he became very angry and started to yell at me it wasn't untill he said that he thought that I was thinking that he was a scam that he started to tell me just get your credit card and became very rude so I said that I will report him to the windows people that he finally let me off the phone I was on the phone for about an hour.
One thing that I would like to know is that we have a private number how do they get my number so i will be looking into this to see how they obtained my number.
Thankyou for th chance to let other know about this
Kevin

Jean

Just hung up on a rather persistent, nasty Indian-accented man who insisted he was calling from MicroSoft to help me clean up my computer. He started out with stating that my computer was corrupted and was sending various types of failure notices to MicroSoft, and asked if I knew my computer was corrupted. He claimed the corruption was due to malware that I had inadvertently downloaded to my computer. I asked how he knew how to contact me and he claimed it was from my unique CLSID which only I and my "Windows" service provider know. I am not terribly computer literate–I did not know what a CLSID is–but I know enough to understand this was a scam in the making. He claimed only a Windows (or did he say MicroSoft–don't remember) certified technician could fix my problems and that he was going to walk me through the process. I asked him to call back in a half hour, after I had a chance to talk to one of my IT friends from work who is a certified MicroSoft/Windows tech. "No, no", he said. He said I could not wait that long because my computer could crash at any minute. I told him I thought he was trying to scam me because his call came in as "out of area" with no phone number on caller ID. He went on to explain that the number is blocked so that hackers and scammers cannot call MicroSoft back. DUUUUHHH!!! He called poor computer illiterate me to help me, so why would he be afraid that I would be hacking MicroSoft. I should have hung up immediately instead of allowing him to boil my blood some!!!
As soon as I hung up, I checked to see if this is an on-going scam, and thanks to your blog, I find that it is. Thanks for keeping us not so computer literate users informed!!!!
Jean

Keith

I received the same call yesterday in the UK. A woman with a strong Indian accent identified herself as Anna. She said my computer was corrupted (CLSID) and she needed to help me fix it. The call was disconnected (not by me). So she called straight back. All responses to my questions were quite vague ("I work for the technical department") and she claimed she represented all the service providers. When I asked which company she worked for I didn't hear her first response so she spelled out the name, Starcheck. I've been getting 'silent' calls for several months so I don't know by actual speaking to me and not getting very far will deter them from calling again.
I'd like to know how they got my number as I'm ex-directory and I'm always careful to tick the 'no marketing' boxes when signing up to websites, etc.
If they call again I'll tell them I run only Linux and see where it takes us.
I wonder if the people in these call centres actually know what they are doing – they have my sympathy if they don't.

Betty

Got a call from them in Hamilton, Ontario yesterday just after 7 PM. Gentleman with very strong Indian accent told me he was calling from IPC for Microsoft. Bells went off, have read about this many times. Informed me I had major probelms on my pc and he was the support tech to help me fix them. Oh really? He asked if my computer was on and I said no (fib big fig, I was using it) asked me to turn it on, I said it was in another room. He asked when would be a better time to call me or could I go and turn it on, so I "went and turned it on", then I asked him again who he was calling for and he repeated the same IPC something something (I couldn't understand most of it) for Microsoft and they did all the suppot for them. I decided not to play (sort of) with him so said I'm sorry did you say Microsoft? his reply was yes, I then told him I must have misunderstood because I have a Mac (I also do have a Mac). He was a little confused and said the info he had showed I had Microsoft and actually apologized for calling. I did get the impression he was on to me though because he kind of chuckled. No number came up on call display and Out of Area for the name. I'm also going to post this info on my Facebook page. I do wish there was some way to stop this nonsense.

Sara

That idiot just called me. I picked up and some guy started talking about a virus in the computer so its gonna get blocked. II was gonna fall for it but my mom told me to check out this number he gave me. Then i found out ppl talking about it and just hanged he called again , my brother picked up and no one answered. What an idiot.

Jesper

Hi all – here we go again – this time in Denmark.
Had a very interesting discussion with a number of different indian people. While talkin to them – I googled "CLSID" and found this page – thanks for the ammonition you providen – only had them on the phone for 20 minutes. I could allways call back using 01 61 35 30 323 – as if

jennybird

Just received one of these calls. Same M.O. as others' callers, it appears. He recited "my" CLS ID, instructed me to go to my computer. I told him I have to leave in 5 minutes, asked for his number. He gave me 15207200725. He asked me to repeat the number (which I did, but left off the "1" assuming 520 was an area code, and he quickly corrected me "to include the 1!"). He said if he doesn't hear back this afternoon, he'll call me again (like someone previously mentioned, he told me with great urgency that my computer is under attack, could crash at any moment, and there's no time to waste). I asked for his name (keep in mind he spoke with a heavy Indian accent), which he claimed is "Peter Watson." I think I'll string him along a bit until he gives up ("sorry, I'm not sure how this thing works–where's the 'on' button?").

ubeenwarned

Telephony can be easily manipulated by technical and non-technical means, so Caller ID is meaningless when it comes to these curried clowns.

These are wannabe social engineers of the lowest order, using crude ruses to gain access to home users’ computers, likely to recon and exploit whatever personal information they can harvest.

Really, this one HAS been around for a long time…did the Prince of Nigeria recently contact you to ask for your assistance, too?

Be careful.

jb

So yeah, this just happened to me as well. I was working on getting more information and like a dumbass, let them have control of my PC for 5 minutes through Ammyy.com. I supervised everything they went to so I could cut the connection if they tried to go anywhere suspicious. The guy was getting really pissed at me for not wanting to pony up money for them. He said that "as a legitimate Microsoft professional", he could give me a lifetime account for my Zone Alarm software that he just told me missed all of these thousands of errors. Then he showed me the event ID in the event viewer for one of the "issues" and told me that was the number of times I had been infected. The call and the connection ended right there. Do you think they had enough time to screw with my PC in that amount of time?

David Harley

I can’t really say what they did while they had access to your machine, but all the reports I’ve seen suggest that when there’s been verifiable damage, it’s been from careless/uncaring/hamfisted ‘repairs’ to the system, not to intentional installation of malware or peeking at sensitive data. I can’t guarantee that never happens, of course.

DavidD55

I'm in Sydney, Australia.
I just received a phone call from urgentechelp.com who "showed" me apparent errors in Windows 7 Computer Management Event Viewer. They said my PC was infected with Trojan.94
Then they wanted me, ultimately, to back up my files to the "Live Support" on their webpage.
When I refused they got quite irate and threatened to disconnect my PC from the Windows Server so I cldn't get updates for a year!
They eventually hung up (rang off) on me.
I cldn't find ANYTHING abt urgentechelp.com on the Microsoft website and a mate who works in IT tells me I did the right thing.
I ran the CMD and ASSOC commands. But nothing else.
The worrying thing was they were able to quote the .zfsendtotarget CLSID to me over the phone. But this might be a standard number in Win7 for the .zfsendtotarget key.
AND they knew my address and phone No. How did they get these? Are they intercepting comms from my PC to Microsoft?
They didn't ask for money and I didn't ask if this was going to cost me anything.

David Harley

Thanks for the information: while the behaviour of some scammers has become increasingly abusive, I haven’t come across that particular threat before. Asking you to back up your files to the Live Support page is also something I haven’t seen before: while I can’t say _how_ sinister it is, it doesn’t sound like a good thing.

The standard CLSID in Windows 7 is indeed the one given in this blog article.

I don’t believe they’re intercepting PC Microsoft notifications. If they could do that, some of the ridiculous claims they make would make a little more sense. Scammers are known to use publicly accessible directories. Some of the reports I’ve received also suggest that they may have direct or indirect access to ex-directory listings, too, but it’s likelier that such info is sold to them than that they’re actually hacking servers (or whatever). While some of the ploys in use are quite clever in a nauseating sort of way, the social engineering is highly generic.

Jeff

Got a same call this morning……Googled while I was on the phone……found this site.
Thanks!

Greg

Thanks for the article, I just got this call and I actually thought the CLSID was a UNIQUE ID as stated on MS. When I got the call I happen to be scanning my PC and Malwarebytes had found a treat, I was wonder how they got the CLSID, I thought maybe there was a trojan on my pc.
Even as a IT Consultant I was unsure, they did not sound professional but I wanted to see what the scam was and how they managed to infect my machine that I constantly monitor because I use it for work. I was bounced around for "senior technicians" and I questioned there ever move and instruction I could hear the frsutration build. I asked for verification of a Canadain Business License and phone number and they hung up.
Its actually a brilliant little scam, I have been in IT for a long time and this had me thinking they had weaseled a trojan in my machine. The language on Microsofts site should be changed
from MS – "A CLSID is a globally unique identifier that identifies a COM class object. If your server or container allows linking to its embedded objects, you need to register a CLSID for each supported class of objects."

Parsley

Yes, a scam. I was told my CLSID, but refused to run the assoc command claiming I didn't know anything about it and wasn't about to do anything dangerous in case it was all a scam. Ha! I kept the nice Indian-accent man chatting for half an hour. Ha!
So why do credit cards still associate with this company? Why have they STILL got a web site (creativesolutionsonline.net)? Why don't LEA do anything?… And most important, why does Microsoft make such traps easy to fall into for the man-in-the-street? All Windows OS are far too easy to corrupt both with software and hardware faults. I need a full-function REALLY safe mode. May be one day I will feel safe enough to do on-line banking.

Nina Orsini

I am receving phone calls from Seattle, Washington stating it was from Microsoft with access to my telephone number, how can we stop these calls? They call during dinnertime and didn't understand until I ended the conversation and started looking this mess. People, we need to stop these calls why have a telephone and there are predators on the other end. Any suggestions.

alexis s

Hi, thanks for this info: they just tried it here in Massachusetts 6/2/12. I wrote down the CLS number, their phone # (315-636-4810) , and name given: David Roster, heavily accented. I called my ex- (a computer guy) but meantime googled "cls i.d. scam" and came up here. thank goodness for caution / fear. Reporting to Mass. Atty. General

Trevor

I'm not sure if it's funny or frustrating that many of these scammers are so tied to their script that sarcasm or direct threats go over their heads.
With early calls I tried saying how nice it was of them to be concerned about my computer. Asking if the computer sending out messages to them was the one registered to me or to Essex Police failed to get them to stop. I tried saying they'd got the CLSID wrong so the problem must be my other computer and used the delay to Google what I was sure was a scam. I actually knew it was a scam because I must have had dozens of the calls but it was the first time I'd had the CLSID trick so I was intrigued by that. I said that I'd checked and seen the number was not unique but it didn't slow him down even when I said why should I trust him when he'd told me a lie. Even telling him there wasn't much point continuing the call when my Police colleagues would have had enough time to trace his call didn't stop him. It took several more minutes of calling him a liar before he rang off.
The first time I tried the Essex Police ploy a few weeks ago the scammer probably missed what I said because he was working two calls at once and putting me on hold gave me a crossed line with a woman he was in process of scamming. I hope she hadn't got far enough in the process but she mentioned paying money for nothing when she heard the word Police

George

Just had one of these calls in the UK. He asked to speak to my wife but she was out (she’s the one registered in the phone book). I asked who he was and what it was about. He said we had a serious computer problem and that he needed to speak to her to fix the problem. I asked again who he was. He said he was from the Windows Maintenance Center. I said “I should warn you you are talking to a computer pro”. He said “Do you know what CLSID is?” I said “Who are you exactly? What is your name and phone number”. Instead of answering that he said “I will not believe you are a computer professional until you tell me what CLSID is” (like it matters to me LOL!). I said “I am now convinced you are a fraud and will now hang up and if your caller ID was not blocked it will be reported to the police computer fraud unit”. As I hung up he was going “No wait… you have a serious problem…”

Rhonda

Recieved the unnerving call @ 10:50 am in San Antonio TX from Windows Service Center from an unknown number. Heavily accented man said he was calling from Deleware USA. They were getting hits that my computer was being used to illegally download. He asked me if I was using antivirus software, then wanted to know what type it was. I refused to give him info. Then he told me to check my CLSID number to verify that what he was telling me was the truth. I told him I believed this to be a scam and hung up on him. He called back explaining that he was really calling from Windows and that he was very real, he could identify my computer to me and that I was illegally downloading. Told me to go to cmd and type assoc. Then he repeated the clsid 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. I googled and found out that this number appears in MILLIONS of computers running Windows! Its not anything unique to your computer. DONT BE FOOLED BY SCAMS!!!!

Mark

We've been receiving these calls with depressing regularity here in the UK. They are certainly persistant and have recently started implying that AV software only detects viruses, not the 'malware, spyware and spiders' they claim our systems are infected with.
I've just spent a fairly pleasant 20 minutes 'playing along' to see how much of their time I could waste. During the call they had me search for all .inf files on my system and then tried to explain how all of the results (including .NET and ASP.NET folders) were malware, they went through the event viewer warnings and quoted my Computer License Secret IDentifier several times. I asked if they meant class identifier but they were adamant their definition was correct!
When I questioned what their knowing the CLSID proved, they told me my machine was dangerous and passed me over to a supervisor who said he was blacklisting me from the Windows main server and I wouldn't be able to use Microsoft products ever again, including my Xbox when I questioned it, called me a time waster and hung up.
I have the Windows 8 release preview on a virtual machine and am toying with letting them into that should they call back again, just to see what they do when faced with the Metro UI. Although that said they'll probably claim it's malware and that a one off fee of £159 will fix the problem…
David thank you for this blog post, it's good to see people helping to spread the word about this type of scam.

Max

Received a call this morning from 'seattle washington' about there being a breach in the firewall on my windows computer, lol. I knew right away this guy was spouting bs, so I tried fishing some information out of him. All he would say is that he was from windows help desk, there was 'background software' that had given him my name and phone number, and then mentioned something regarding rundll32. Found his accent kind of hard to understand.
Eventually I got tired of laughing and hung up the phone, its too bad some people will fall for this though.

Gareth

Just got the same call in the UK.
Indian sounding lady asked me to run cmd, enter assoc. Quoted the CSLID to me. Then directed me to ammyy website. Asked me to run the file, but I got concerned. She tried to pressure me. I clicked on the ammyy box, but didn't run the file, so hopefully she didn't gain access to my computer.
When I started saying I was concerned as to whether she was genuine, she directed me to the website:
She's going to phone me again tomorrow….

Rob

Just got the same call in Holland. and stupid as i am in first i believd the guy although i was was very suspicious. i kept the guy talking for half an hour, put him on hold. played scared but he was was verry terminated. at the moment he directed e to a website pointed out te reviews het lost me. id ask him why a microsoft technician make use of a third party website. all he did was pushing me to hit te button to let him in. at the end i told him i would not do that and that i didnt trust him at all he told me to f??? off :-) ….

Jacques Brassard

I received the exact same call this afternoon. The scammer told me he was from Microsoft. I went as far as hearing him read me the exact same CSLID number. Then, I asked him to transfer my call to a French speaking person. His answer was: Sorry, we do not have anybody who speaks French here. My answer was : Microsoft always answers in the customer's language, all over the world.
I have posted this comment on my personal website:

Baljeet

I just got the call in the UK he asked to speak to me in Hindi and said I was wasting his time, the call degenerated to the point of him repeatedly telling me to f— off and calling me a m———– before he finally put the phone down. Doesn't sound like microsoft to me!

Christian Jensen

Hi, Today i received this call in Sweden, thay said they are calling from stockholm but couldn't speak any swedish at all, or the womman i talked to said thay arent allowed to speak swedish wish sounds strange.
First a was a little consern becouse they know my "ZFSendToTarget" number, but when she wanted to "fix" my computer with the AMMYY i said stop. The whole conversation is just weird and can't stop thinking "why will anyone call and say that my computer is in danger?" She tried hard to tell me it was safe and all she want to do is to help me.. When i didn't want to go to the website she wanted me to go to, she starts telling me that i wasted her time.
Now that i can see that this "ZFSendToTarget" number isn't unique i can relax and be glad i dident followed up with her "solution" to fix my computer.

Grant

I received the same call yesterday in NSW Australia. They were calling from the UK.
The Indian guy said his name was Andy Jones. He gave an employee id and told me his company's website was but I didn't buy into it.
I searched and found this page while still on the phone to him. Needless to say I laughed a lot at the things he was saying. He was unperturbed. He gave me the same CLSID rubbish which I know isn't unique to my computer.
I told him I work in IT and he started praying on that saying that because I worked in IT I knew that viruses are difficult to detect and that I knew that errors or warnings in my eventviewer were viruses. If I didn't have such a small ego, that may have sucked me in.
I told him he had told me nothing to establish his credibility and gain my trust in any way. He kept disagreeing, saying that he hadn't asked me for any information and that it was urgent to fix the problem or they would have to block me from the internet to protect the microsoft server. But then he wanted to connect me to the microsoft server to fix the virus (which didn't exist) on my computer. Hmmm…claiming to protect the MS server and then wanting to connect an infected machine to it was all part of the comedy act. I had fun. He's probably paid for how long he stays on the phone, so he probably enjoyed it too. I figure they recorded it and will use me as a case study to train new even more ruthless scammers.
He didn't respond when I asked if he had a conscience. Even after I told him that I knew it was a scam and that I had a website in front of me with the same CLSID that he said was unique to my machine, he still didn't give up on his story. He said he needed to talk to his supervisor and would call me back in 5 mins.
I never heard from him again.

Grant

The website he said he was from was urgentechelp.com

Joe

Just happened to me in NY (Brooklyn). A guy called REX. Recognized the game because I'd just read an article about a security guy who fooled them via a VM on his Mac. Told him I would record him (but failed). He said that was fine. Funny enough… I'm Mac only these days, so I had to remember how windows worked and research as fast as possible to make sure I could tell him what he was expecting to see. Same nonsense, goes over a script. Win-R, cmd, assoc, last line, read CSLID, "only three people know this number, you, microsoft, and us "your global service provider". OK, ready, WIN-R, clear CMD type EVENTVIEWER, then I gave up. Told him I was straming it live to Justin.TV and would be uploading it to youtube. Alas my recording failed. Called him some bad names and hung up. I'm pretty sure this would fool my parents.

Noel

On the Gold Coast , Queensland. Just got the call. I asked for their phone number. The caller gave 02 80910113 (NSW Australia). When I asked their Business Address they hung up. Next question would have been for their ABN. The girl had a cute Indian accent though, I would have enjoyed talking to her longer.
Have a nice day.

Tina

Just got off the phone with someone telling me that there were errors on Mrs H's computer. I told him I was on it and ready to do what he says (I was on my laptop). He got me to go to run type in cmd then assoc which I did. He told me to look for the CLSID and it should say D062 at the end. I told him it did but that I was not on the computer he said had errors. He propmtly hung up. I then decided to google it to see what the story was and found this page. Could someone please tell me if my laptop might have any unauthorised software on it? I'm hoping not since they hung up before they asked me to install anything. Can they get in by me just running the assoc cmd?
Thanks
Tina

David Harley

Hi, Tina. No, running ASSOC won’t give a scam caller access to your laptop. All it does is display a list of file associations, which of course has nothing to do with viruses or system errors.

Ruud

Today, they've called me with the same story, using company
(Registrant Name:Nilesh Rastogi
Registrant Street1:b/7 rabindrapally taltalla road
Registrant Street2:
Registrant Street3:
Registrant City:Kolkata
Registrant State/Province:West Bengal
Registrant Postal Code:700059
Registrant Country:IN
Registrant Phone:+91.12345678).
I was passed on to the supervisor, but tuut, tuut, tuut, … The caller was a girl from India, using the UK as base.

Shawn

Received a call from "International PC of Canada", an alleged Microsoft agent. They began with the premise that they were calling on behalf of Microsoft to solve a problem with my computer that Microsoft had detected. They used the CSLID gimmick to gain confidence. I did not know what the CSLI D was, but It all sounded very suspicious. I asked if they knew my contact information, and they did. Including my name, address, and telephone number. When I asked for their number to call them back and verify who they were, they gave me this telephone number 1-800-237-3901. It just didn't seem right. So I ended the call at this point. Their call originated from 1-210-210-1739. An Internet search led me to this page.

Oona Mistwalker

California here. Got the same call, but he wanted me to run something that would “verify that the CLSID we have is correct.” I told him that if he had my CLSID he would have my IP address and he should verify who he is by telling me that. He stuttered. He said that Microsoft doesn’t collect personal data. I said, “You called ME. You have my phone number. That’s personal data. So you should have my IP address as well.” He hemmed and hawed. Then I asked if he could give me a number I could call him back at after verifying that he does indeed work for Microsoft. He hung up.

nick

I thought these guys had given up. Happened to be at my 91 year old mothers, who can't even turn on a computer, when they rang. Managed to keep them on the line for 25 minutes before they gave up. We should all do this whenever possible just to tie up their resources. It is a shame they use VOIP so that we can't actually run up their phone bills.

Marwan

Same happende to me Ontario/Canada.
After CLSID was confirmed the asked me to go to webiste and download some software.
I said why should I download this software?, they said to fix computer problems.
I said :what will happen if I dont fix them, they said: your hardware wil not work.
I said : Which part of hardware, MOBO, HD,VGA,Monitor …, they Said: ALL
I told him that ALL hardware will not go bad at the same time, even if it did , I can always buy the bad part.
At that point he hangup on me, What they want is to force you to purchase some sort of maintenance service from that website,
So I dont call it a scam , but an agressive marketing.
Indian accent was noticable, and when he told me to check my computer , I asked which one, I have 5 notebooks
online at this moment (Typical Canadian family) plus Mac, Plus IPAD, Plus Iphone.
He said the one in front of you, Hahahaha, I had an IPAD in front of me.
But I wanted to learn something new, and i moved to Windows Vista laptop, he said its Windows 7.
But how they got my phone and Name , this is the question.
I suspect Internet phone that I connected recently with Cogecco.

David Harley

@Marwan, lying to the victim in order to make money is not aggressive marketing, in my view. It’s just a confidence trick.

Lab Rat

I have had several calls along this line usually directing me too inf or file event viewer and more recently the CLSID form. Interestingly the CLSID trick does not work on my Windows 2000 machine.
It normally throws them when I tell them there are several computers at this address and I use most of them as they insist it is my 'personal computer' that is at risk. They don't like to drift off their script you see. :)
Obviously they adapt as time goes on.
Unfortunately I have spectacularly failed to get any company information out of them or a return telephone number to be able to report them to anybody.
The most interesting development today was they actually used my name (or the mangled indian version of it anyway).
They have tried tried several times to get control of my PC via the logmein websites.
I've about given up trying to bring them to justice so I have asked for the service that declines calls made from withheld numbers on my telephone service. You normally pay for this service but Virgin quite nicely gave it to me as I was having problems with this type of call.
It obviously won't cure the problem but it shold offer some relief.

lynn

Got on the computer in a rush yesterday to look up my sons flight info. Got a pop up " Internet explorer has stopped working correctly. Windows will close the program and notify if a solution is available" . We'd had storms in the area so I reset my router, then I recieved a phone call from a gentlman with an Indian accent saying that they," Mircosoft" were aware of the problems with my computer and that I had a serious Cyber Virus and malware that was not being detected with my installed protection program. He verified that he was legit by confirming the CLSID # and telling me how to look it up on the computer. I was suspicious, noise in the back ground. He said he was UTH with microsoft technical dept. He acted very concerned and wanted to show me how much information was being sent through my computer by hackers. He got me to type ammyy and took control. Showed me 56,101 Operating System warnings and errors, 1394 replica files, Told me it had to be fixed because my CPU was about to crash! Then he transfered me to his supervisior for better help with all my problems. I asked again who they worked for, got the same answer but he google Urgentechelp.com to show me.I saw a fee of $171.00 mentioned on the site to repair computers. He denied working for Microsoft. Finally I said, this is a scam , how did you get my phone number? You're trying to make me buy something! Get off my computer you hacker! ..#**@ He hung up on me and said " Fine lady, your computer is going to crash!!! Scared me to death….. all that and I still didnt know when to pick up my son from the airport! I shut off the computer and rebooted. I ran a scan for viruses, everything looks ok. I know they scammed me< i Just don't know how bad > Was It just to sell me a computer care program or did they steal information from my files? What do I do now?
Stupid in Dallas

David Harley

Hi, Lynn. I can’t guarantee that the scammer didn’t do any damage to your system or data, but I haven’t so far seen verified reports of this type of scammer actually stealing data. This is what I like to call a mosaic scam: the aim is to scam you for a relatively small sum of money, paid for services you don’t really need. They probably aren’t interested in your data: they’re getting access to your PC to “demonstrate” the “problems” they want you to pay them to fix.

Andy

Yes it is a scam. They use VOIP so you're not costing them anything by keeping them on the line. Only wasting your time.

David Harley

Andy, not altogether. You’re also wasting their time. But personally, when I try to string them along, it’s to see if there are any new ploys I should know about, not in the hope of undermining their profits.

Andy

Good point! Are they just assuming that you have a pc vs a mac? Do they have your ip address? I knew it was a scam as soon as I picked up the phone but especially since they said their information came from the people who i bought my computer from since I built it myself.

David Harley

In my experience, they generally assume a PC. There have been one or two reports where the scammer’s script has allowed for the mark being a Mac user, but I’ve no detailed information on that. They don’t seem to have Mac-specific ploys equivalent to the misrepresentation of ASSOC/CLSID, Event viewer, Prefetch and Inf. Not that I’ve seen reports of, anyway. It’s very unlikely that one of these scammers would ever have your IP address. Loving the self-built PC angle. :-D

Sarah Jones

Wigan, UK.
Just recieved three calls in quick succession from the same person. First time, he got disconnected, and then tried again but hung up when I suggested that I could monitor my computer's performance without the need to connect to his 'diagnostic network. while the windows Task Manager showed my CPU usage at around 3%, he tried to persuade me that it should be up around 80%, and that such a low figure is clear evidence that my machine is in trouble. I wonder how many people actually fall for that simple, but effective bit of techno-babble !!
Whilst in conversation with him, I asked for his website address, so I could read more about the services he offers, and he gave me , which may well be a perfectly innocent and legitimate company, but he (the scammer) is using this as the public face of his scam operation.
Anyway, I stopped short of actually connecting to his machine, but he did run the CLSID trick on me; unfortunately he lost the call at that point, so I used the few minutes that he took to call back to do a quick Google search on CLSID scams, and found this website!
When he called back, I described the reports of his scam in detail, and oddly enough, at that point, he hung up.
I'd like to hang him and all of his kind up as well!

David Harley

Thanks, Sarah. I’m afraid full URLs are automatically stripped in comments. If you care to send the URL he gave you to askeset@eset.com, I’d be interested to see it, though.

Sarah Jones

Just one other thing to add here….
When my scammer was trying to get me to connect to him remotely, he asked me if I had the 6 digit number that was issued to me when I bought my computer, and if so, to enter it into the login box on my screen at the LogMeIn website.
OK, so as far as I am aware, nobody is given a 6 digit code when purchasing a new computer! But I'm betting that if you said 'Yes sure', any number you enter will not work, at which point he will ask you for the number so he can help you out. Think about it folks….6 digit number; if you had one for any purpose, it would probably be your date of birth, and once scammers have that information, who knows what damage they could inflict!!
Anyway, I said I didn't have a number, so he gave me a number to type in to connect to him, but curiously, it was an 8 digit number that he gave me! I didn't use it anyway, but he really wanted me to.
So this was probably a scam within a scam; as a sidelilne to the main event he was also trying to learn what my date of birth was, which could (as far as he knows) be used as a PIN number for all sorts of other sensitive information.
Just thought you should know.

David Harley

Thanks, Sarah. Usually the code they’re looking for is one that allows them to connect to your system via the ammyy.com remote access service. The DoB angle is one that hadn’t occurred to me. Since they actually have very little real information about their victims, I don’t think such a PIN would be much use to them, but I certainly wouldn’t advise giving some coldcaller anything that might allow them to guess at your personal information.

Adam

UK,
Just had the call – LOL she quoted the same CLSID, so i wnet with it for a a while.
When she asked me to setup the logmein, I siad I had a better program adn asked her for her emails address so i could send a teamviewer invite…at which point she hung Up !!!
I love wasting their time…

Alexis Smith

3 calls in 2 weeks, all from diff. #'s but with the same story to tell me. Today he gave me an IP address for my computer, that I now understand is part of the CLSID. Today they called from 971-217-9518 and asked me to call anytime to 614-388-8814. "Allan" said he will call me tormorrow when I have had a chance to verify the IP address. I rcvd several calls last year & reported info to an office in Ottawa . I sure hope they call tomor. so I can tell them – no match on the #'s. Hope this can be stopped soon.

Elayne

Phoenix, AZ
I have been called numerous times – mostly from unknown numbers by Indian people. Today, received a call from a 516-765-9767 number that says New York. I actually talked to the guy (Gary, he called himself…was clearly Indian), got him to give me the CLSID number – similar to the ones above and the instructions. I told him I was not at a computer and insisted he give me the CLSID number and the info, as I was not going to give him anything or do what he wanted. He eventually gave me a number to call him back at 315-352-0802 once I had done what he wanted me to do – I have no intention of calling – he said they would keep calling as my computer would keep coming up on their database until this was resolved. These guys need to be jailed or much, much worse!!!!!

Eelco

Amsterdam, NL
Like many people above, I just got called as well, by a service desk claiming to be Microsoft, stating they were receiving error messages. Already felt trouble there. Then they went to to assoc command, and asked me to check CLSID. Obvious they read out exactly what I got, but in the mean time I checked it on a few other computers and googled it, and found this site.
When I challenged them saying the CLSID was different on my computer, and that I doubted them, the line got disconnected.

Tin Nocker

Yep, they are still at it. Pretty much verbatum per the other comments above. But this time the indian guy named "Lee Kemp" screwed up and told my to log into "amy" instead of the "ammyy" LOL! then when he couldn't get me to understand, he hung up on me. Then called back an hour later, but I didn't answer. These fools need get a life!

godzilla

they called me yesterday, Indian lady, claiming to be working as a contract company for Microsoft, who kept asking if i had got to my computer, and when I had, she passed me on to an Indian guy who asked me to run assoc for the command prompt. then he said I should run which I refused to do. whilst he was talking I checked google searches for this website which made it pretty clear it was a scam. since then I have renewed the firewall on my pc and run a full system scan, so McAfee have certainly benefited from this evil time-waster!

anonymous

I took one of these phone calls for my grandma today because I know a little more about computers than her. I've worked at an at&t tech support call center before so I have a soft spot for tech support people that remote access your computer, etc. So I tried to make the caller's job easier, but when he said I needed to pay $310 to register my CLID file ("registering the CLID file" makes no sense after I researched it by the way), I told him I wanted to research it online to see if I could fix whatever it was myself. When I said I wanted to research it, he went offensive and said if I did not register that file, then he would have to shut down my computer so I couldn't use it anymore because my version of Windows was a trial version (an outright lie). But that is exaclty what he did. He started deleting everything in my windows/system32 folder. At first, I thought he was removing the software that he had installed, but then I closed our remote connection window and rebooted the computer before those files were deleted . . .too late. The computer would not boot because it said certain system32 files were missing. I ashamedly told my grandma. She said, "Live and learn."

David Harley

Ouch. Ugly. Hope you managed to get the system restored ok.

Fimas

I live in Sweden and got a call from a US cell phone(or that is what the whitepages.com says after a quick search) registered in Seattle(WA). The guy on the other end had an audiable indian accent so it seems to be the same scammers still going at it. The first time they called I said I suspected a scam and hung up. The second time I humored the guy for a while and then googled some of the things he said and then quoted theguardian.co.uk saying that this was a scam and told him I would take legal action if he didn't stop calling my number. They seem to have calmed down for now, but I'm on the lookout if they call again.

Shannon

I live in the US and just got the call a few minutes ago. Same stuff everyone here was describing. I told them many times I thought it was a scam and got as far as the CLSID but no further. I told them I didn't have time right now to do this and that my kids needed to be cared for. The number I was given to call back was Nancy at (786)275-8261

Wonder Woman

I just got a call from them with a Washington called ID number. I thought it was another political recorded message. I could barely understand this man's HEAVY Indian accent. THAT was my first tip off. And why would Microsoft Technical Support be calling me at 7 pm on a Friday night? That was another thing. I asked how I would know if he were ligit. He said only me and Microsoft would know my CLSID code. I did the "run" then "assoc" thing, while googling as well. He asked me what the code was. I said, "well if you know so much, why don't you tell me?" He did and it was correct, and so were you. It was the same as the above you wrote. I still was unconvinced that it wasn't a scam. Despite my obvious hesitations, he really tried to sell me boy, very persistent. I asked for a phone number to call him which was 315-636-4810. It took him a few minutes to get the number from him, and he changed it twice. Another red flag. "You don't know the number where you can be reached in your office?" I querried.
When I called the number he did asnwer Micro tech Support but I didn't buy it. Oh and when I asked how much this was going to cost me, he said it depended upon the damage this "malware" had done. I said if it was Microsoft's fault like you're telling me, then why do I have to pay for anything? He just wanted to keep me at the computer, rushed me to get on right away, and just go, go, go! Don't ask questions! Believe me as I am trying to scam you out of your money! Not likely today buddy. Enjoy New Delhi!

ordiprox

The wonder woman's story was a real thriller… Sometimes it's very difficult to identify this type of scam.
We begin to have some case in France too. I'm working in computer repair company, and the newbie customers are the first victim of multiple scam…

Christopher

I had the same thing in North Carolina, USA. I went through this, same as everyone else to the letter. As I have some heavy experience in IT, I explained that I wanted them to confirm my computer ID if it had truely sent a message about malicious software. I told the guy that my computer had been off today and have recieved no information from my computer, and surprisingly there was a hang up. Then he calls right back. When I told him that I had antivirus/Malware/Spyware that was not on the market, he asked what brand. I told him that it was a matter of national security if I was to give out the name. Again another hang up. then within about 5 minutes a call back. I told the guy that i wanted a phone number and the CLSID that I would look it up and call back, it took about 10 minutes to get a phone number. at that point I told the guy. If I don't get the data to confirm to then I would hang up. At that point he said please hold and speak with his senior manager. I told the guy that I wanted the ID number from the computer, and that if he had received several reports and had my phone number from my computer then to send me an email with what to do. Of course he didn't have that info but would give me their phone number (302-261-2620). I told him that I would take my computer to my personal computer tech, and have it taken care of, he said that it would have to go to a certified windows technician, I told him that I had one at work, and to take me off of their coldcall list, and to never call me again. he then hung up and have not heard anything back…yet.

Johnny

I received one of these calls a few days ago on the Gold Coast, Queensland, Australia where the caller told me that he was a Telstra computer engineer and that they were experiencing massive amount of error messages displayed on their system and these were caused by my computer. Furthermore that my computer was continually downloading malware that could not be detected by norma AV software an he so kindly offered to login to my computer and fix it for me because if nothing was done the computer would crash very shortly. I asked him if he could provide proof that he was in fact from Telstra and he said he had no problem there and said, I have your CLSID which is unique and you can look it up and compare. I then asked which of my computer he was referring to and he said it was not possible to see on his system. OK if the CLSID is unique you need to tell me which computer you´d like me to log into. At that point I was getting bored with the conversation and said to him that he hadn´t yet given me any proof of who he was and he then offered to put his supervisor on the phone and I said that wouldn´t help much as I didn´t know his supervisor, I have your CLSID he said and I am a Telstra Computer engineer. That´s fine but explain to me why all my windows computers have the same CLSID and if you have problem with that then I might be able to help you because I am actually a computer engineer. At his point he gave up and hung up. I´m sort of hoping he will phone again so I can have some entertainment.

Sverre

Ecactly the same here in Norway. Girl stating she called from microsoft. When I was sceptical, I was transferred to a technician for the CLSID to convince me.
I would normally not have listened to them at all, but the weird thing was that my PC had crashed twice less than an hour ago, which it normally doesn't do.
Luckily I didn't follow his directions after the CLSID test – as I googled the commands while talking to them, and fond this site.
Thanks!
Sverre

Reon Coetzee

Thank you for the info and advice – had the call yesterday in Switzerland….

Faye

Thanks for this info – call ended fairly quickly once I said I'd googled the CLSID and found that exact same "unique" number! I like the suggestion above of saying my number is different!!
Shoalhaven, NSW, Australia

dave

David, I wish I'd read your article before I was stung by these b@st@rds… Hanging's too good for 'em, I say! Read Vogon poetry at 'em!
:|

From Sweden

They've started calling Sweden now. Whole story followed the exact same pattern. My scam antenna was up when they said it was my "microsoft computer" and the virus was "hidden junk" but would not be more specific. I was busy googling and they got mad when I didnt follow along with the script. I got transferred to the "manager" who didn't do any better at creating trust with them. He ended up calling me a bitch at which point I hung up. A quick search of all computers in the house identified that the CLSID was not unique.

Eric Martin

Contact local police and FBI.
They just did this to me and woke me up. Pissed me off. God damn idiots. I'ts an old back up and they didn't steal crap.
Indian government needs to be warned or else.

Donna

Just had the same experience, husband listened to the whole spiel, told him "we don't need your help," (DH doesn't know how to turn a computer on!) and so far no call back. But glad to find this site and know what is up with this scam.

sam

this happend to me yesterday morning !! i actually fell for it!!! i follow her steps and gaave her the id to access my computer to show my errors then she tried to do something else but it supposely didnt let her a screen pop asking for permission she then got fustrated and handed the phone to a man he yried the same thing but didnt work he was fustrated and i told u should call when my husbands home he was like i will!! I dont.know.what i have gotten myself into and my husband is going to kill me for falling into it!!! so since i gave them access that one time can they still access after i deleted the files and did they inplant a virus in my computer :( im sad fustrated and couldnt sleep all.night worrying about what ive done!!! some help please

David Harley

We obviously can’t tell you anything about the state of your particular PC, but it does sound as if their access to your PC was somehow going wrong. In general, these guys use that remote access to demonstrate the existence of the alleged viruses and to install files which are supposed to implement the ‘service’ they want you to pay for. If they didn’t get access, you needn’t worry about their having done anything to your system. If they did, it’s unlikely that they put anything malicious on the system: occasionally they trash systems out of sheer nastiness – see http://blog.eset.com/2012/07/23/the-tech-support-scammers-revenge for a couple of examples – but planting malware is not the normal operandi. It’s possible that they did get access and tried to install something but couldn’t, perhaps because your account doesn’t have administrator privileges, perhaps for some other reason. If you really can’t talk to your husband about it, maybe you could find a reputable local PC tech who could take a look at your system?

sam

they showed me the errors and tried to do something else but need permission so your swying its safe?? i hope they didnt install anything!!! i stopped the ammyy and deleted and scan scan my whole computer and it came up negative !!!! Thanks again!! computer seems fine but i doubt it!! i will try to find a pc tech in our area and see. thanks again!!!

David Harley

I can’t promise your PC is safe but it doesn’t sound likely that any lasting damage was done.

sam

Thanks again ! i wish i sthould have known a about this stupid scam I just have to hope that nothing was damage!! They said they will call back this weekend i wonder if they are!! Also the caller was a lady with an asian/maylasian accent!

Josh T

Had exactly the same experience today, I'm 23 and though not an expert have grown up with technology and have a good grounding. My mother on the other hand has disturbed me from peace following a difficult day at work… giving me the phone to a lovely foreign man (I'm from the UK) telling that our computer is infected and causing issues which will result in our internet being suspended, later it turns out this will happen in a few weeks… I shall wait and see. He wasn't calling from my ISP, he didn't even know my ISP. He didn't know my IP. He didn't know anything personal. He didn't like being told he was a scam, that made him mad. But alas he wanted me to run the old wins+r, cmd, asoc and give him the code as per this blog. After 15minutes of being patronised and returning the favour I grew bored of this new found toy and hung up. All the time I was trying to obtain details from him to google but he was a slippery fish and it isn't till now I have come across this blog. Oh the powers of the internet are wonderful thank you very much for just confirming what I suspected, I await round two from him with my new found knowledge.

Benjamin Sweden

Just recently recieved a call from an indian accent guy asking if my name was (lastname), I said well yes and so it went along for a while, but I got suspicous immediately when he said he was offering free service and it had to be done immediately and couldn't wait until later. I was pretty tired, but it was still 9 o'clock in the morning so I decided to get a cup of tea and see if I could fix this problem. It was mother's laptop and she had been having some trouble so I fetched my laptop and found this site while talking to him. So I wrote in the assoc in the cmd got the CLSID and compared it to this website and when I realised that the number was the exact same as on this website, I just said, CLSID is not a unique number so this is obv a scam, he just "no I can give you another number" and then I hanged up. God dammit scams through phones now!? Very rare in Sweden I must admit.

Ken Hawes

Same scam here in Los Angeles. Indian-accented man in a boiler-room called with dire news about my computer being virus-filled and on the verge of failure. He had my 'unique ID number' (aka CSLID) as above to prove his authenticity. I kept him on the line for about 20 minutes – I couldn't find the CTRL-key and such, and eventually he wanted me to run w~w.support.me from the run window (thats www at the start, but I don't want anyone clicking it accidentally). He said I was wasting his time after a while and he hung up.

Mark Gladwin

I am in New Zealand – have just received a call from a guy with an Indian accent wanting me to run through this stuff – wanted his number and he wouldnt give it to me – he’s going to call back – which gave me time to research… thanks

Robert Leijendekker

I am from The Netherlands
Today was my lucky day. Being a Systems Administrator for 15 years now and have come across some nice scam's.
Funny enough this one was new to me.
The Phone rang my wife gave me the phone because the caller id was "Out of Reach"
After 4 words i knew it was a scam, so played along was funny my wife didn't know what i was doing because she could here me say: "yes i clicked/typed that" while I was just sitting on couch drinking a coffee and watching television :)
After 30 minutes a collegue called me on my mobile because I had to some work on a server.
I told the other side,"Sorry I have to upgrade a server now, could you call back later and continue , because i am having fun "
I hear "beep,beep,beep Wonder if they will call back again :P

Paul

Got a call from THIS number:
210 301 0307

with the same intentions

David Harley

Thanks. That seems to be a number with a long and dishonourable history of use by scammers. Added to the AVIEN PC scam resources page at AVIEN: http://avien.net/blog/?page_id=790, which I’m trying to get more use out of as a vendor-neutral resource.

Sharon

I'm in Canada and fell for the entire scam on Aug 2, although I thought I was a diligent and careful internet user…….
The phone number used was 209-759-4216. They actually gave it to me on Aug 2 when they sold me Malware and "cleaned" my computer.
Today, I received a weird message on my phone from the above number. Caller ID said it was Jose Gonzalez…..and they had my name and number correct…..and said "PLease answer your phone………and some garbled stuff".

Bert Ritto

Geelong, Victoria, Australia. Just got this call from a lady speaking good English (although poorly-connecting line they were on gave it away as telemarketer right away), claiming to be from Star Tech Computing or Computers. Said this call is about my computer. Having a degree in multimedia from RMIT, I said, "Oh, it's about my computer is it?". They hung up immediately. Quick Google search brought me to another site where Star Tech reference was used then onto here. Looks like about 1 in 10 are falling for this. That's from the comments I've read. Some people hey. They must be making good money from this scam. I'm thinking about setting up a dedicated zombie PC with multiple viruses so that if they call back I'll infect their end with virii, malware and multiple trojans. Yes I am a complete nerd and a sexy man. These scammers need to have their genitals set on fire.

Rajan

I just received a cold call now from India trying to sell some performance improving software in to my laptop.
THey said that they rceived an error message from my computer through the internet gateway. When I questioned them, how could they know my computer details, they disconnected the line.

JCZ

Netherlands here. Apparently they call non-native English speakers now as well. I was immediately triggered when the person speaking appeared to be a non-fluent English speaking Indian. Also, I’ve never heard of a ‘Windows service center’, and lastly, unless my PC has some very nasty virus, it’s not experiencing any problems whatsoever.

He asked me to turn on my PC, so I made him wait some minutes (of course, it was already on). Then the command prompt jumbo came. Well, I’ve always wanted to pull that one silly joke, so I told him I typed in ‘eforechovforvictoreforechonfornancytfortango’.

Oh yes, and the last entry in the list assoc displays appeared to be ‘.zprj=ArcSoft.PrjFile’. ZFSendToTarget wasn’t anywhere near the bottom.

After he got a supervisor, I pretended I couldn’t hear them anymore and hung up.

David Harley

I think the only way to ensure that the desired string always appears in the DOS box without scrolling back is probably to get the victim to type “assoc .zfsendtotarget” which is easier to do once they have a remote login: it’s a bit error-prone to dictate, especially with an uncooperative so-and-so like you. :)

Fortunately for the scammers, there aren’t that many commonly used file extensions that start with .z :(

Melissa

I just recieved one of these calls. The caller ID came up "Unknown caller" the woman on the line sounded as if she were from India. She told me that her company has been recieving hundreds of notifications from my computer that it has been downloading malicious threats and viruses and that it was critical for me to go through a process with tech support. She then transferred me to her supervisor that would be of "further assistance". I asked how they got those messages and my phone number… I thought it was weird to get a call out of nowhere that my computer was at risk…. They did tell me they were from Microsoft Windows tech support…. so at first I thought it was ok…. but the more the guy spoke I got suspicious… he has me hit the winows+r and a screen popped up where he had me go to a logmeinrescue.com site. I thought this was strange because whenever I need IT support for my computer I would contact HP, and NEVER had I been directed to a site like this. When I asked for his number to call back and make sure it was legit, he immediately started stuttering and trying to hold me on the line… He assured me several times that this was critical for me to run through this process or my computer would crash… and that I was SERIOUSLY at risk to loosing my software…. Several times I asked for a number and e-mail address… Finally he gave me a 302-261-2620 number and e-mail address of This was NO windows tech support… It would have come up on my caller ID if it were. So now I'm sitting here on hold with my HP tech support to make sure my computer is fine and to report this bullshit…. Where do these people gt off thinking they can just call people out of no where and get there info about their computer?!?!?? I'm pissed right now…. I googled the phone # and email address the second I hung up with that guy!!!!!!!!!! What a scam!!!!!

David Harley

If you didn’t obey the instruction to open a remote connection with logmein, the scammer didn’t get a chance to compromise your system. Still worth reporting it, though.

Steve Everett

I feel a failure – only managed to string the guy along for 15 mins, others look to have kept them on the phone for much longer!
For the record, I'm in the UK, the call was from "Unknown", Indian sounding chap who knew the "CLSID of my motherboard" which would "prove he was from Microsoft". Extremely persistent, even when I got bored of acting ignorant and pointed out I worked in IT and that I knew what he was telling me was guff. At least I kept them away from someone who might have fallen for it – they are very convincing

Lee Picton

Maryland here. My husband got one of these Indian gentlemen callers yesterday, but couldn't understand him. I was motioning it was probably a scam and to hang up. Husband said if you want to talk to me put someone on the line who can speak English, and hung up. Today I got the call and while I was playing stupid and writing down the letters finally figured out he was saying CLSID. Meanwhile I kept interrogating him – how did he get my number, how did he know anything about my computer, what was his name, and on and on and on, while I was googling CLSID scam and got to this site. Laughing my ass off, I told him his call was a scam, but he kept reading from the script. THen I said he was a thief and a crook and he kept reading! I repeated it several more times, and finally got bored and hung up. I only managed about 20 min. If they call back again and I am not busy (I am a retired software developer and systems engineer), I will get more creative. Thanks guys!

Veronica

I just got off the phone with a guy from IPC support. While listening to him go on about how I've downloaded something that is going to cause my computer to crash, I started to think maybe I should pay attention. I sat at my computer about to follow his instructions, and when he asked me to type the CLSID into my search box, I instead asked him the name of the company again, and told him I was googling the company before I start the process. He said 'sure yes you will find us online'. By the time the screen came up, he had quietly hung up. The number on the IPC Support website does not work, and I was relieved that I hadn't fallen for it.

Michael Axford

Hi, I just had half an hour of fun with one of these scammers. I take support calls as part of my job and I am an avg reseller in Melbourne Australia. I always answer the phone with "allo" and when I realise it is a scam call I say "si" every now and then. The poor bugger was very frustrated because I pretended to understand english less than he did. It took 15 mins for him to talk me through getting to a command prompt. He hung up but I got a call back straight away from a "supervisor". I get calls from my customers all the time telling me that they fell for this scam. Even though I warn sites about scam calls. The guy claimed to be David Foster from Online Tech Ph. 02 2039846662. I dialled the number while talking to him but of course it is a dead number.

Paul Mooney

Melbourne, Australia
Hi, a friend of mine actually fell for the eprotectionz scam and gave the guy full access to his computer. He's cancelled credit cards etc, but eprotectionz sent off an e-mail to his head office claiming he had brain damage and was looking to lodge an insurance claim.
Any advice about what steps can be taken to ensure these criminals no longer have access to the computer or try and work out what files they have accessed?
Should this be reported to the police?
Cheers
Paul

David Harley

As the means by which the scammers get remote access to the victim’s PC varies widely, there’s no standard template for ensuring they have no access in the future. Looking for the footprint of services such as ammyy.com and logmein.com would be a starting point. You could probably work out which files they’ve accessed by checking file stamps, but in general, the reports I’ve seen are about stuff being installed rather than existing data or apps being stolen or manipulated. That doesn’t mean it couldn’t or doesn’t happen.

So far, attempts to engage law enforcement actively with this problem have been disappointing, but by all means report it to the police. Fraud is, after all, a crime. And the more it’s drawn to the attention of law enforcement, the likelier it is that there’ll be some official action.

Paul Mooney

cheers thanks David

Leonard De Baets

Someone just tried to scam me in Ottawa, Canada with this CLSID scam claiming they found corrupted files on my computer and wanted access. Luckily I did a search on CLSID scam and found it was a common problem. Thanks for everyone who blogs and posts this information.
The company they said to be coming from was ASK PC Specialist in this case and the site looked very suspicious to me. Very unfinished. They guy at the other end had a heavy accent, probably Indian, and was very anxious to push this through despite my stalling. When it got down to me identifying it as a scam, his supervisor came in to apply some more heavy pressure to allow them acces to my computer. I hung up but it would be nice to catch these guys.

Mark Hammond

Just had the call in the UK today, google brought me here – so thanks for the info. Went as far with them as the ASSOC part and the CLSID, but then they tried to get me to go to tinyurl.com/diagnose13 which i didn't do so they gave up !

Andrew Scott

Just had a friend come close with this scam… (hence why im here on this page)
My dad has had a heap of these calls… Having converted his machine recently to linux… last time he had one of these calls he was like " Windows… but I run linux…" and the poor indian dude on the other end of the phone coughed and spluttered and after a few seconds silance hung up…
even if your a windows user its a quick way to shut them up… they dont know what to say next… :)

Steve C

Just got the call and got as far as CMD ASSOC but didn't hit enter.
Googled up this scam instead and hung up.

Jay

Just had this call in UK. Had fun for about 13 minutes, guy with an indian accent called 'John Watson' and apparently they were calling from a company called bc software based in California. Said they were hired by microsoft to call up users who had malicious software. When they finally figured I wasn't playing ball they threatened my pc would crash within next couple of days and it would be all my fault for not doing as they asked!. One thing slightly different got a marketing call not long after and guy sounded exactly the same, but I may be paranoid.

David Harley

John Watson, huh? If I need forensic work doing on my PC, I think I’d rather have Sherlock.

Glen

Call came to my parent's home. I answered. Got the "we are calling from Creative Solutions, the exclusive outsourced support for Microsoft". First contact was a woman, she did the ASSOC thing and I ran it to see what I could find out about them. She then handed me to their "tech guy", he gave the "unique CLSID" monologue, which I checked while on the line (confirming it was a scam). I let them go further, they asked to run EVENTVWR which he then highlighed all the scary RED X's. Another trust gaining move….. And then finally they asked me to go to the site of SUPPORT.ME from the command prompt. I then asked for a call back number before I do anything more. His response "Thank you and God bless", then he hung up. He had given his name as ALEX PARKER. He had an Indian accent and they gave their website a CREATIVESOLUTIONSONLINE (.NET). Hope somebody nails these guys!

Leonard Wilson

These guys were very insistant today: Indian accent, Brooklyn NY, 702-997-0263, , Representing Microsoft, Asked for CLSID after running ASSOC.
I asked him to call back tomorrow.

Kuljeet Kokri

Targeted in Middlesbrough-got 3 calls today from this scammer called Kevin Williams from California from the anti-hacking dept of windows telling me that computer has been hacked and it is coming on their red alert and as a legal genuine user of windows they would like to help me.I almost fell for it but luckily did not switch the computer on.They talked about CLSID and gave me their number as 0012097325572.their VOIP number as 1223969276.It is nerve wrecking.Thanks for this page.

Richard

Funny to see they have been active for such a long time. They must have made lots of money so far. I too got the call today and let them in using SHOWMYPC's remote tool. Right at the beginning, he had stupid arguments and I admit I got fooled by the CLSID number. After having a problem starting eventvwr, another tech took the call and kept trying to provides proofs that I couldn't believe. He then hangup and I switch off my wifi to check my laptop. Also restore to previous backup to clean up.
I wrote to tech support at Showmypc to let them know. They replied saying that a notice will posted on they web site.

Jamie

Indian man called wanting access to my pc stating that it was sending error messages to Microsoft. I explained that I have not been on my pc for 3 weeks since I have an iPad. He then stated that " maybe a family member" had gotten into my computer, to which I replied "uh no…I am the only one, they have their own". I asked if he was trying to sell me anti virus software and he then reiterated that he was with "Microsoft" and trying to help my computer and not selling anything. I let him know in not so many words that I am not a fool and that I have computer knowledge having taken computer information systems in college. No way, no how do I let anyone remote into my computer.
I then googled the phone number and found gold in the form of several pages of would be victims stating they didn't fall for these idiots. Power to the smarter people.

A N Other

Ireland. Indian man called with CLS I.D., had phone number, wrong name, did'nt have my e-mail. Said they were given information as part of Windows support agreement. He gave his name as John Rodgers from IT Clear. Said his supervisor was David Williams. He said he was calling from Victoria in London and the phone number was 18009020348. Wanted to know why i didnt believe him when he told me he wanted to help me. Eventually he hung up when he ran out of answers. Still laughing.

Math

Quebec/Canada. Exact same routine. Indian guy, Microsoft support, gave me « my unique CLSID », asked for remote control of my computer. This is where I got suspicious and asked to call me back next monday. Found this page on google, may involve the police if he calls back.

Nick

Hampshire, GBR
Reporting a call from UNLISTED who wanted me to use the showmypc.com site. Seemed to have my address but that is pretty much public domain. Needless to say we did not have much to talk about!
Stay sharp chaps

Colin

Dalarna, SWEDEN
It's been going on a lot here as well so we are quite well versed in the long drawn out stupid user questions syndrome. However, just recently I had a short call where the caller already knew my name and simply asked if I was the owner of this telephone. The alarm bells immediately rang and I simply replied "one of them" . He thanked me and hung up.
Just got the call, same MO but every time he instructed me to do something I mis-typed a few times, asked what does that mean, what do these initials stand for etc. To cap it all, the last 20 lines in my "assoc" list are devoted to associations beyond the normal alpha characters (visual studio uses "_sxxxxxxxx….. and _vxxxxxxxx." so I insisted that he patiently listen while I read out the last three lines as he had requested. I was especially careful not to read out "visual studio launcher" but to simply quote the characters v i s u a l etc.
I played with him for about 45minutes before declaring that "….my computer has just crashed, can you help me get it going again?". Guess what, their pre-written scripts and intense training course don't cater for this event. He promised to call back later when "…You have managed to fix it yourself".
Just remember, if you know what they are up to and can keep them on the line for as long as possible you are saving an innocent victim from grief:-)
Just like Spiderman

Bryan

Toronto, Canada. Man with an Indian accent called from a private number claiming to be from a company called Digital Network Server. He claimed that my computer was hacked and that it was disrupting their servers. I stalled long enough to find this article. They called back immediately from a number with a 666 area code.

tjr

Ottawa, Canada. Strung them along for a good while. Spouted do not call list which they ignored. Said if their server was having issues with my pc, what was my IP? No clue. Said their IT department was useless if they had no idea what my IP was if it was causing their server problems. "CLSID, CLSID etc bla bla." After I got to a supervisor I asked how my Linux pc could be creating microsoft problems on thier server? ROFLCOPTER. "I am so sorry sir, we cannot help you with a Linux PC" Cool I fixed all their problems and saved others from a fate that apparently costs, on average ~$1000 to fix. On a previous call, I asked the "Microsoft " employee where the head office of Microsoft was. He said Californiahahahahahahha ROFL. When did they move from Redmond, Washington?

Frank

Ireland- got the same as above- indian accent guy gave english type mame john tayor or similar- ringing from microsoft – instantly suspicious- but decided to play the poor ole ejit and waste his time too as Im off work at present. Wnet through a long turm on procedure- ie my laptop was on but told them it was a real slow starter ;) and made a cup of tea during all this -making them quite frustrated- are you in front of your PC?- just squeezing the tea bag now etc . anyhow all He gave the CSLID number to show legimite- googled this ste while talking to him and found this site- David Harley you are a good guy hope you get payback for your efforts to help here in form of a good paper or whatever it is people with lots of letters after ther name need to get more letters! Any how after 40 mins after being passed to a senior tech- i was really playing the thicko – i told them my broadband connection was not working and went off to check it…after 5 ins i hung up- they tried to ring back twice but i did not answer as i want to think up some hoops to jump them through for my ongoing enjoyment. the number they were ringing from is 001 4020759195.
If ther ring back I will say that they must have been talking to the brother and heshasent a clue and they can talk to me and so on or maybe claim total amnesia ….any body got some good ideas?
Frank

David Harley

Thanks, Frank. :) Good to hear that our friends in Kolkata are at least giving something back in terms of entertainment.

Paravou

I recieved a call today from these same Indian Scammers(David Wilson from Caleefornia Pasadeena) when I asked his nationality he replied Christian(didn't know that was a nationality). Anyway I pretty much heard the same story as most of the previous posters.. from microsoft in caleefornia pasadeena(deliberate misspelling btw) giving me the whole speil of malicious viruses and whatnot causing my pc to slow down I started writing down the website he asked me to go to windows pc cure .com and gave me a (Special) password to enter that was not for everyone I started getting suspicious and told him my phone was low and I needed a # to reach him by in case it died on me. he gave a # that originates in cottonwood CA . Well I'm tired and will probably call him back tomorrow as my 45 minute call did indeed almost kill my phones battery it is also getting late. here in Fl. goodnight all

Colin

Hi David,
Me again, I just had a call from "Jack Sparrow" when I asked him "Are you a pirate?" he replied "yes sir…are you alright as well". Long story short – I now have 15 computers one in each room – well not the bathrooms, that would be stupid, so please tell me which one you want me to switch on. …..Erm, all of them are infected. …….How can you tell, theyre not all on the same network, if you can tell me which one you need I'll go to it but I can't simply walk around to all of them and check the numbers, just tell me which one. He gave me my telephone number and insisted is was my computer number. It must have taken him another fifteen minutes to come up with the crushing " Go to hell, F…O..:-)

Ken

I got a call from someone who told me he was receiving error codes from my computer and I told him I knew it was a scam and he was a f*ing idiot to think I'd buy it. After I hung up he called several more times and I just hung up on him. Then this morning he called again, saying his name was Frank and he was from Microsoft Windows Techical Maintenance Department and I decided to play along for a while. I asked where his department was located and he told me it was in Brooklyn (funny, I thought they were in Redmond). Anyway he had me run event viewer and pretended to be shocked at the number of errors I saw. At that point I was getting tired of the game so I read something to him off the web about the errors being normal and if someone calls and tries to convince you otherwise it is a scam. Then I asked him what I needed to do and he said nothing, I was just wasting his time. So I told him that was my purpose and I was glad I was able to do it, and told him again he was a f*ing idiot and a criminal to boot. I figured that was the last I'd hear but amazingly enough he called me again this afternoon, only this time he wasn't from Microsoft and he told me they don't call their customers directly (but his name was still Frank and he spoke with the same accent). He said he had called me a couple days ago and I told him to call back today. So I went along again and this time he pulled the CLID routine (I had asked him several times how he got my phone number and how he associated it with my computer but that was the best he could do). Then he had me run event viewer again. At this point I asked him what company he worked for and he said "Online PC Experts" (I had to ask several times and have him spell it out) and gave me a number I had to call (718-592-5450) and said I needed to talk to Lado (I had to have him spell that out too – he must get asked to spell things out a lot as he is fluent in the phonetical alphabet). He then said goodbye and hung up.

Johnny in Austin

I got this scam call today. Heavy Indian accents, Jennifer and John, were calling from Brooklyn, NY. Claimed to be from Microsoft. Caller ID 25-382-0308, odd phone id number seems to be missing some digits.
He ran the CLSID scam. Said my computer was showing errors and would crash soon. It had many viruses. He claimed the CLSID was unique to only my computer and proved he knew my computer was causing errors. I played along with John until he wanted me to connect to a website so they could run remote software to check my PC. NOT!
He handed me off to Jennifer. She claimed to be in Brooklyn, NY. Since I am originally from there, I asked her about streets and neighborhoods. When she realized I knew what they were up to she hung up.
It was obviously a SCAM from hello, but I wanted to fish for info to share and report. I can see how people could fall for this. A by produduct of outsourcing call centers. Thank you for that corporate America.

Alanna

Alanna from Toronto, Ontario, Canada. Same scam. Called asked to speak to "mylastname". Knew it was a scam, but listed and recorded (on paper) the instructions so I could google later. After caller rhyming off the CLSID #, I was bored and hung up.

Ken

I received a call from Microsoft Support Center. Same thick Indian accented female, supervisor had less of an accent. I strung them along for a bit, with a bad backwoods accent, then yelled at them and hung up. I may have to so with something a bit ruder next time. Anyone have a guess as to how they are getting our numbers?

James

I just got the same call in 2 hours. I've run my own computer company for 30 years and my own ISP for 15. Their immediate claim that I was transmitting information to them from my systems immediately set me on guard because I designed and wrote the firewalling scripts that defend the entire network and I would be aware of any such outbound data trafffic. Then they tried the CLSID # thing on me but unfortunately for them. harh harh a registry error in my primary workstation doesn't let the assoc command reach the end of the file extension list so I was able to argue that the number on my screen was completely different which caused them to wany me to go to showmypc_com and any I dont allow anyone remote desktop access in fact all remote features are disabled on my primary workstation. They even want me to launch the web start from "Start" "run" which I would never do anyways. Figured it was a scam and kept pounding how my experience and certifications and what exactly did they want? One caller gave up and hung up. I hung up on the other when I got bored.
James
in FL, USA…

Cees

Assen, The netherlands,
Got these people on the phone yesterday, was very supicious, asked how they got my number (supposedly from my windows registration form) and on asking where they were calling from, he answered: Sydney, Australia. They were very insistant and I nearly fell for them. Thanks to my wife I broke off the call before anything harmful was done. After rethinking it over and calling for help on Google, I found an article from The Guardian newspaper from last year and this website. Now I'm convinced and happy that they wil be unable to do any harm……….

Davo

Sydney Australia. same call just now. got passed from one indian sounding woman to an indian sounding man. And yes, same story with the CLSID which the guy said was the "Licence ID#". i kept him going as long as i could (be bothered) ending up saying to him "does your mother know you are doing this?", "are you proud of yourself for this type of work?". etc

Susan

ok, I'm screwed. Completely fell for it like an idiot. What can I do to protect info. on the computer?

David Harley

Susan, while I can’t say anything about the state of your PC specifically, the chances are that they weren’t interested in your data (apart from your credit card or PayPal data, of course). Generally, what they do is install legitimate software, though it may not be software that you actually need. I presume they used some service to access your machine, and you’ll probably want to remove whatever agent software they used. I can’t tell you more about that without knowing what service it was – I’m not particularly knowledgeable about all the remote access services that are available – but if they used AMMYY, you might find the post at http://blog.eset.com/2012/08/24/ammyy-warning-against-tech-support-scams useful. If you’re still worried, you probably need to contact a reputable local tech to check over your system.

Tim

Bloomington, MN. Just got the call. I am an IT guy. I had so much fun with them saying your pc is giving a red light in our database. Talked tech jargon to them till they hung up. lol.

Andy

Bowral, regional New South Wales Australia. Call from Brad from Computer Maintenance Department. Needed to check my computer because of viruses. "Oh Brad that sounds serious we have to fix it. I'm so glad you called. What do I need to do." Go and turn on your computer. "Oh Brad, I am infecting the internet. I feel so ashamed. Have I infected Mr Gate's computer. This is terrible. Brad hung up.
Ten minutes later Brad (another Brad) again. OK play the game. Win-R (run eventvwr, OK so far). Now Win-R run ; Sure Brad. Like Not! OK a bit paranoid I turned off PC and pulled ADSL. Yeah, these are scammers not NSA/CIA/DieHard4 but still.
On and on we go. Don't you have my IP. You tell my CLSID. What's your company. What's your phone number. I wont' repeat these they are probably an involved 3rd party. Then I'll told I'm wasting time. Brad contstantly interrupts and tells me call is being recorded. Big Mistake Brad. Telecommunications Act in Australia makes recording conversations without consent an offence against the Commonwealth of Australia. I told Brad I was worried for him. He told me I was wasting his time.
But I fear for my non-tech literate friends. Fish in a barrel. If they get you to give them your credit card number it makes prosecution so much harder.
Tom Friedman probably didn't mean this as a positive example of a flattened world!

Max

We get these PC scam callers daily, at least 3-5 per day… It is rather annoying, however i thought i'd play with these idiots for a while. Call #1 today… A guy with a think indian accent tells me that i "have problem" with my windows PC, after asking him a few times if he was sure he got the right number, i continued to explain to him that "we have an apple mac" … he hung up.
Call #2 Indian woman called "Lisa" called and explained that i "have problem" with my PC, i played along and allowed her to run me through the whole start / run >> cmd >> assoc. She must have thought she got "one on the hook" as i stepped through her instructions… in between her gabbling i said "why are you involved in such a scam, why are you involved in fraudulent activities?" to which she replied "shut your mouth and s*** your c***" – the strange thing was that she hung up on me too !

LeftieLouie

Same CLSID scam, Indian accent, said he was calling from Florida phone number 954-6888-011 (interesting the way he spaced the digits differently instead of 954-688-3011). I let him walk me through the scam trusting that I would recognize it if he asked me to do anything dangerous. He said the web site for his company was ; He was about to have me visit the web site and click on "Join Remote Control Session". At this point I told him I was an engineer and nothing he said made any sense and he hung up.

Lorrie

I just had the same situation in ITALY!!! Weird since the guy was speaking ENGLISH!!! I was really worried that he had somehow gottn in to my computer, he was just trying to it looks like.
He identified himself as being a contractor for Windows and said that he was contacting me because of a “signal” my computer was putting out. He had me look at the system reports and read him the ones that had errors or warnings he said I had a “bad problem” on my computer, he never said virus or malware. He wanted me to go online to a web site ammy.com since it was with a microsoft or windows domain name, I refused and told him I needed to confirm who he was first. He offered proof of his really being from Microsoft by telling me my computer ID, he gave me the right info and told me where to find it. He then asked me to go to another site, I again refused, I asked him to send me an email since he also claimed to have my email address. After almost a half an hour going round and round with him I finally hung up. Needless to say he never sent any proof.
Guess the only good part was that the time he spent with me he wasn't scamming someone else!

Johnk

I just got off the phone with a gentelman from India and calling from 1-708-951-6659 which I am sure is a VOIP like google Voice or something like that claiming the same thingas above Excepy the Company was Peylon Tech Support and calling for Microsoft Corp as they were their service partner a quick googel search brougnt me here and I started laughing at the Guy on the Phone which he obviously did not like very much And I promptly hung up on hiss ass but not before getting a Phone Number to call them back which was 855-888-5881. So they seem to calling everyone all over trying to scam people.Oh and by the way he told me when I stated that I guessed that he wanted me to pay them to fix the problem aty a low price of 159.00 USD that confirmed it was a scam. He could not give me a compouter name or an IP address. Which would be how Microsoft would track something like this so they would know if it was indeed a real Microsoft company.

Marco

Hi,
I am in Quebec, Canada… Got a call yesterday, told the guy it was a scam that I did not have any Windows installed and he hung up… Got another call today. Decided to have a little fun so I let him struggle with the CLSID to give me, let him talk and repeat a lot because I am a dummy !!! Then, told him that I just realized that I had a French Windows version so we would have to continue the discussion in French… He hung up !
Said he called from 213-839-6802, ext. 870. Gave me "Gordon Smith" as his name… Very funny that a guy with such a strong indian accent had such a common English name ;)
Too bad we cannot do much to stop them from calling…

Barry

CLID scammers appear to have been busted today by US, Canada, and Australia regulators.
US press release is at tfc dot gov

Barry

oops. ftc dot gov

Siobhan

Thanks for the information found the website while I was on the phone and sent the scammer packing

Pablo

I just got the call from "Private Number" The Indian gentleman told me he was from "windows tech support". I knew there was no way that this was legit so I had a good time with him. He gave me this long string to write down and wanted me to look it up in my computer. I asked him what his phone number was and he said "why do you need that I am calling you?" Then i told him that I thought he was an internet criminal and he got all offended. Then we had a long back and forth with me calling him a criminal and him swearing that he wasn't a criminal and that I was not behaving. Good times. Finally he hung up.

BDT Systems

UK here: Just had a call from 0011111 (not a UK number or a valid number in any country) they tried the CLSID trick with me after I made it very difficult for him by asking if he could tell me what OS I was running etc etc. Eventually I told him I was the one who ended up cleaning up the mess "you" scammers make with vulnerable end users.
I had not come acrosss this type of CLSID scam before, I nice article.

Brandon

I had this scam just then. He called me yesterday introducing himself, I told him to call back later (since most telemarketers don't call back). 2 hours later, he called back. I told him I was still busy and told him to call back an hour later. HE CALLED BACK AGAIN! This time, I listened to him and told me that there was something wrong with my computer, I was suspicious and hung up. He called back again but just said in my asian accent; "I no speak English" and hung up.
The next day (after school), he called yet again and told (begged) me to go on the computer. I went on and did what he said. He then told me if I saw the CLSID. I told him to wait a second. I quickly googled "CLSID" and found this blog. After this, I just hung up. He called again… I told my mum to pick up the phone (she doesn't speak English) and told her just to, well, say she doesn't speak English.
I have yet to receive another call… but it's only been like half an hour since the call.

Pete Butterworth

I had this scam today…and followed his precise instructions (at a leisurely, measured, ignorant pace).
I eventually told him he was talking in a foreign language to which he responded 'What foriegn language?'. My reply was that he was talking b*ll*cks – to which he rang off!!

pANEK

So i have this call proly 2 days ago this east indian guys trying to get me to open my computer, as soon as i heard him please go type "…." i slammed the phone. today ive received same call from the same guys, this time i recordered it =Pthe man on the other side is trying exacly to do what is posted in the article. i tryed to go along with it and aski him where hes from and stuff but he wouldnt budge saying that my computer when was bought was assigned to my phone number { which was probably 1 month old] compared to 2 year old computer. at that point im just laughing and still going along. he said that if you run the command assoc, you will get that code, and BAM that was the code i found in this forum. at that point he is really trying to get me to comply but i just simply told him that i googled that code and its says that ppl are trying to spam when giving you that code and asking you to run cmd and event viewer… as soon as i told him that he was like ohhh.. umm okay you have a good day and hang up. i think they wont call again =P

Dave

Buffalo, NY. Got a similar code from "Microsoft support" and that my computer was infestated. I played along, go to the CLSID but when he asked me to type in I told him I knew that he was not from Microsoft, and and hung up.

Hirender Ranka

Hello,
I got a call last night, around 19,00 CET, in Belgium, Brussels. The caller said he works for MS Windos Care department and that they received error messages from my computer and he was calling to help fix them.
I was not aware that this was a scam and on his request, I hit the window + R keys, after which he asked me to key in ASSOC in the box, then he went on to give me the MS license or is it the CLSID number. After which he explained about the event log.
He then asked me to key in AMMYY and I asked him to hang and googled it, not sure if he could see my screen, but the second the google results came up, he cut the line.
Just after I called my ISP and explained what happened, they confirmed to me that this was a scam and that it is probable that the caller could have run "file extensions" on my computer thereby compromising my personal information and computer. They further advised me to take my PC to a center to have it checked and cleaned. I am not sure if this is required or is it just safer to have this done.
I have since disconnected the PC in question from the internet and am only using it offline.
Can you please advise if my computer has been compromised, as the blog and almost all the responses above dont seem to mention any breach of security by giving the caller access via the ASSOC comand.
Thanks in advance and thanks also for putting this out so people like me can become aware of these scams.
BR,
Hirender

David Harley

Hirender, running ASSOC would not have given the scammer access to your machine. It simply displays a list. If you didn’t actually run AMMYY to give the scammer remote access, it doesn’t sound as if he could have compromised your system.

Hirender Ranka

Dear David,
Thanks for your clarification, seems I missed being scammed by a whisker !
Wonder why my ISP technical support team wants to me to have my PC checked ?
BR,
Hirender

Aylmer Johnson

Hi David
Thanks for this useful posting, which I was able to find and read while the guy was talking to me today. This one said he was from the computer maintenance department of Windows, and tried to get me to download the ammyy remote desktop software. I had nothing better to do, so was able to keep him on the phone for about 40 minutes, which I guess is the most useful thing we can do to lower their 'productivity'…
Aylmer

Dan

Oct 27, 2012, I just received one of these calls from 971-217-9514. I am in Atlanta, Georgia. Heavy Indain accent. Claimed to be from Windows and that their server got error message from my computer, leading them to believe very dangerous virus had downloaded to my computer, and that Norton etc could not find it. Then wanted me to go to list with CSLID so they could prove that they knew my unique Windows number to build trust. That is when I hung up.

unkown

I just got a really wierd call that was from no number. In a little girls the call said something like "come outside your seacret is wating."

Will

Got a call tonight claiming i had a virus based on the CLSID identified over and over again in this thread. I said I have three computers and asked which one. He wanted to me to turn on my computer so he could troubleshoot. Yeah right.
Number called from identified as 607-723-9891. He hung up and called back from an unknown line. I asked for a number to call back – he gave 1800-601-1921.

Jewels

This scam is making its rounds in Toronto, ON Canada now. Received a call yesterday evening and confirmed that a family member received a similar call during the same timeframe…it appears they are going through the phonebook for contact numbers. The call came from a blocked long distance number. A man with an east Indian accent was on the line and from what I could hear he was in a call centre. Managed to get the "name" of the caller aka "Sam Spancer" but no other contact info. In an attempt to gain my trust, he claimed to be working for the "Digital Network Server Department of Canada", a supposed anti-hacking division of the Government of Canada, that my computer was being hacked and my assistance was required to stop the hackers before more damage was commited. He then proceeded to confirm my CLSID. Similar to the above posts, he tries to get you to open Google to perform the next step in the scam but my caller got frustrated with me and told me that he was "spending too much time with me" due to my endless questioning to verify who he was. He told me he would call me back today after I had an opportunity to verify the information he provided. The idiot actually called me back twice this morning. During the first callback, I advised him that I was expecting his call and that I had the police tracing the call. He chuckled and promptly hung up. I was surprised when I received his subsequent callback about 10-15 minutes later where he apologized for the disconnect and once again attempted to call me into action to fix my "problem". I told him my problem was that I would give him access to my computer to hack into it. Told him to stop calling and hung up. Needless to say that they are persistent buggers!

Katherine

I just had this phone call at our office number here in Newcastle, ON.

Caller i.d. showed 67543200 and subsequent call from an uknown number. First time he said his name was Alex, the second time, same guy said his name was Adam. Indian accent, and I put him off by saying I had to speak to customers and could I call him. He provided me with the toll-free #800-601-1921, which I immediately googled to read the details of this scam.

Malcolm

I got a phone call at 0930 this morning from someone with an Indian accent who claimed my computer was at serious risk of malware attacks and that if I didn't follow his instructions then Microsoft would cancel the licence for the computer. He quoted what he told me was the licence number and told me where to find it on my computer via CLSID. It turned out to be correct – yes, it's the one quoted on here many times.

This firm was called Web PC Care.com and, opening their website, looks to be OK as it "says" that it is a Microsoft accredited site. I am in Lancashire in the UK, by the way. "David" asked me to connect my computer to "tech operator 1" and he could remotely check it for malware / spyware etc. By that time I was getting p***** with him and hung up. He called back straight away and my wife answered and said I'd gone out. He told her he would be calling again later today – so far the phone has rung twice and it was "caller witheld number". I just hope that my computer is safe. Norton tells me all is OK so far.

At least it's different from "surveys" about loft insulation / double glazing / cavity wall insulation . I'm on this site that should stop these kind of calls but, as they are not directly selling items, they get through. They are getting ever more frequent though. Just be on your guard about this one.

Jewels

They called me yet again just moments ago (my original post is dated Nov 8th above). Phone did not ring as a long distance call this time and the number displayed was 626-574-9227. I didn't bother answering the phone but performed a Google search of this number and noticed a separate blog for this same scam.

shanvi

Dear Hirender Ranka, need not to panic, you an simply remove that ammyy from your control panel, rest they cant do anything until and unless you had given your Credit card number and detail.
if you need to know from where these callers are, i can even provide their personal numbers also, but due to something, i'm unable to go through with local cops.

for further do contact me at c u t e s h a n v i @ g m a i l . c o m

Notgullible

The Set up
Took a call claiming to be from MS ( "wow" ! I thought "MS have never been this helpful before" ..LOL) and my ip address had been linked to a DOS on one of their servers sending hundreds of error messages every time I logged on.I stated that I was virus free and they then trashed NAV saying that only microsoft can protect you from viruses (Are you hearing this symantec ! Lol)
They Proved it was me (of course ) by supplying the clsid and asking me to confrm it via CMD/ assoc.(he got very excitable at this point …) Already the suspicion level was def con 2. Then i was asked to go to web address tinyurl.com/diagnost12 …which was page not found (LOL!) next it was ammyy.com (now DEFCON1).
He then asked me if I wanted to end the call. 'No i replied and PRETENDED for the next few minutes to download the ammyy software took a while as i went off and had a cup of tea .I was beginning to enjoy this TBH..he was still there 10 mins later .
Then it got to the bit where the credit card was needed… when I said I didnt have one . He said they would have to stop the call. But I pleaded with him not to go , he asked about paypal( nope sorry !)
Then he said he must go but I said 'But you are Microsoft what am I todo ?? will I break the internet ????' ( my wife was paralytic with laughter ) He hung up..
In a more serious note. Initially he was very convincing and its quite a contrived and clever bit of work esp the DOS line.

Alexander

I have same thing yesterday I did not fall for it the moment he sayed he needed access to my pc I know he is a hacker.
So a had a good laugh

Marco

2 hours ago they tried this same trick on me. I live in the netherlands.It was an indian voice claming to call from london. She was "the support desk" and called me because a virus or malware on my computer was attacking the internet. lol
I played along and yes it was the clsid trick mentioned. I kept them busy for a while telling i have severals computers etc. They confirmed they have the same code because they are probably infected by the same software – yeah right – that changes System ID's.
I asked them several times what company they were from. First time they mentioned MS and then only the IT Support desk.
After that, I'm sure she thought i was a believer and to convince me further she even had me start the usermanager to show me the administrator user was disabled by the malware (of course i know that is the standard setting).
When I asked her if she could solve this she said she can but wanna do it on all computers at once remote, by making my computers part of an internal save network.
When she asked me if thats ok I told her I had to take my babyboy to bed and had no time. She will give me a call back on monday or tuesday.
Wonder how long i can make fun out of this and if i can beat one of the guys above in theuis forum. His max was 43 min. My timer is paused on 17 mins, but this storie will continue…. or i get bored and han up dunno

Dducks

I'm in the UK and had one of these calls today.
As I'm reasonably computer literate I think it's a public service if I keep them talking. That way I'm stopping them getting access to the computer of someone who may not know what they are doing and so give out their personal details. Today I created a new record for the time I kept them on the phone before they finally got fed up with me and put the phone down. It was 38 minutes. So can anyone beat that? Keep them talking by whatever means.
Unfortunately I don't always have the time to waste on this, but it is a bit of light relief when I do.
Today's call went through the usual routine: event viewer then this use of assoc. But the guy was a great actor; when I told him I could see 15 errors in the event viewer he played it as though this was a major tragedy – he's lost to the stage.

Linda

11/28/2012 New Jersey USA – 5:35 pm Got the same call from an Indian male. The number came up 000-000-0000, said he's from MS Windows Support, they were getting notifications from my computer that it was infected. I asked him where he was calling from, he says California (yeah, sure). My laptop has been giving the Blue screen of death to the point that I can't access internet on it; this is what made me curious about the call. I ask how he knows my computer is infected and which one? I have 6 computers. He says he can give me the computer ID. Of course I'm very skeptical, but go to the command page anyway. When he wants me to enter ASSOC, I google it (I was afraid to run something) and found this website. As soon as I see "remote access" I ask him if he is trying to get remote access to my machine. I ask him 5 times and he refused to answer, so I hung up. I just read through a lot of the posts. Thank you so much for hosting this website!

Al

Just got the same call from an "Unavailable Name & Number". Said he is from Microsoft Window support. They have been getting notifications from my computer and he wants to help me solve the problem because it seems my computer is corrupted. Asked me to to enter assoc in cmd to see my computer ID. to confirm that it matches the one he gave me. I did and then tried it on my other computer and it gave the same id. I got worried so I googled the command and the id and found this post. When I mentioned that I am reading about their scam on the internet they hung up on me. Thanks a lot for the post. It saved me.

Ted Dixon

Dec. 8 2012. Waterloo, ON, Canada. I had a call with the same CLSID scam yesterday. The call was from Microsoft in Redmond (so he said with an Indian accent and background noise from a call centre). I guess they have hired a large number of techs with Indian accents in Redmond. Interestingly he told me the address of the toronto support centre was at 8 Dune Grassway, M3N 2X2, with a phone number of 416-915-3536. the address is a valid address, but the telephone number answers with a double ring like in Europe, not in Canada.
Anyway, thanks for the great responses. I had a good laugh reading them – almost makes it worth gettiing the calls.

Having Fun with This

These people just called me in Washington State (U.S.). with the number 16617480240
I was aware of the scam so I decided to have a little fun.
I dragged him on for 40 minutes, and then started asking lots of questions and finally got tired of him, told him I would deal with viruses on my own and hung up.
Five minutes later, his supervisor calls, and tries to convince me again, using phrases like "my humble request". Humble request my foot. When she takes me to the CLSID again I tell her that the ID she read off is not the same as the one I see. She got super confused and asked me to try again. Finally, I got tired of her and told her that I was busy and that she should call again in 3 hours.

Less that two minutes later, the original guy calls back, and asks me "what happened." I ask him why he is calling after I clearly told his supervisor to call me in 3 hours. He says that the "problem is urgent" and asks me to check my CLSID again. I "check again" and tell him its different to mess with him. He then ACCUSES ME OF LYING. I respond back in an angry tone, "excuse me, but did you just accuse me of lying?" He goes–"Yes Ma'am you are lying" I hung up.
They called again one minute later. I didn't pick up, because this was the fifth time they called, and I was tired of them.
I think my total time was around 60 minutes, can anyone beat that?
In all seriousness though, they are very very convincing, and if I didn't already know about the scam/ wasnt as computer savvy as I am, I may have fallen for it.
DONT FALL FOR IT!

Spectrum Data

I kept one guy on the line for a half hour and every once in a while, after making up appropriate answers to his questions, I would ask him “Should I turn my computer on now?”. Great confusion on his end and my call was escalated to a master manager. They finally gave up.

Dope

I almost fell for it. I was on the phone for right at 1 hour. I could write the same things I have just read above. The phone number was 518-399-9915. My caller-id said it was from "Schenctady NY." By the way, I ask him how the maybe hundred staff members could call millions of people with this problem. His answer was that it was affecting people primarily in Texas.

http://www.facebook.com/shinan.ju.9 Shin-an Ju

I just got a call from “DNS Canada”(?). They said they are from Canadian government (with Indian accent). And they did the same scam. After I said I don’t want any injection to my PC. They hang up the phone.

Stephen Cobb

Shin-an — Thanks for the report. We have heard of scammers claiming to be from “DNS” but this is the first I have heard of DNS Canada. If you don’t mind me asking, did you receive the call on a Canadian phone number?

Bruno

Hello,
I just received that call again (for the third time; the first was about a year ago).
This time, they wanted me (after the usual introduction) to connect to http://www.tocoms.com. I just hanged up. How to expose these people ?

George Jetson

they called said they were #Microsoft in west Virginia . than after I asked about the weather he said in a mean evil voice very low ” you mother*** and hung up in an Indian accent . He said tell me when your in front of your computer twice ? to start his sentence when I cut him off at start

Stephen Cobb

Nice strategy, asking about the weather. I have not heard them say where they were located like that before. Thanks for sharing.

dabble

I also just got a call (on a residential Canadian number) from someone who claimed to be at DNS Canada asking me to run a command and claiming he would confirm my CLSID. When pressed, he repeatedly said he was in Brampton, Ontario, but refused to give me an address (I assume because one doesn’t exist). He also mentioned the name “Cloud Server of Canada”, but wouldn’t clarify how Cloud Server and DNS are related (I assume because they aren’t). He eventually got frustrated with all my questions and hung up.

Stephen Cobb

Thanks for sharing. This is the first case I have heard of where “the cloud” has been in the script. This tells us that the script is evolving.

http://www.facebook.com/andrew.in.france Andrew Forrester

I’m in France – Just received a call from an Indian woman who ‘works for Windows’. She asked to speak to me by name; she was very concerned about multiple virus reports from my pc. I told her I had a firewall. She said that was ‘for viruses, but there are other malicious programmes that can get through’ … I told her there was no way I was doing anything on my pc as she was cold-calling. She wasn’t put out and tried to convince me to check my pc’s ‘identification number’ by going to the command line and typing ‘assoc’. I hung up at that point. The phone number was hidden.

Stephen Cobb

Andrew — Thanks for sharing. I am surprised you got the call in France. That would suggest they could try the scam script in French if you answered the phone in French.

Andrew Forrester

Hi Stephen – I couldn’t say one way or the other … she spoke in English to my wife (who also speaks English) and my wife passed the call to me as I had been asked for by name. The caller didn’t ask if I could speak English or not.

Steve

The scam is still proceeding, called me today from “Windows Suppport Team”, Indian accent but good english. Said they were getting errors from my machine and my harddrive was corrupted. He prompted me to look at the event viewer, where I scrolled down and came to the first error which I tried to relate to him but he said that is all he needs and the error proves that my machine is infected. I have a good virus program and a good malware program I told him, but he said that the malware was undetectable. So, at his direction, I went to the command prompt and entered ASSOC. He pointed me to one of the last lines displayed with the CLSID number and he read it off. That had me going for a bit when he ‘transferred’ my call to his ‘senior technician’, but I could tell the call was not transferred, rather just handed to another person. This new person said they were able rid my machine of the malware and wanted to remote in to my computer. I then asked him to must tell me how to fix it and I would do it myself, he said that he had to remote in. I told him in loud terms “that was no going to happen”, and he promptly hung up.

Paul

I have got the call today – indian speaking people, supposedly working form milwauky; calling from a windows service centre, forwarding me to the site windowssoft.us — i m afraid i fell for it, just until they wanted me to pay money; i let them access my system though, what am I to do now ?

http://dharley.wordpress.com/ David Harley

If you terminated your access immediately, you may be ok. It depends on whether you allowed them to install anything or not. If your system is still working, though, that does at least suggest that they didn’t do what they have done from time to time and try to trash your system in revenge for ‘wasting their time’. I can’t guarantee that they haven’t installed something unpleasant, though. If you have a good security program installed already, now would be a good time to scan your system with the most paranoid settings. If you’re still not sure, it’s worth calling in a good local support professional.

http://www.facebook.com/suzanne.kelly.10420 Suzanne Kelly

Scam still proceeding..your site really helped explain scam. Thank you

Thomas

I live in the Netherlands and just got called twice within the hour by “IT Support Company” (tel: 0014259053074) and something along the lines of “Integral Security”. Indian accent, good proficiency of English, first caller was a woman, the second a man. Seems like they followed the script by the book, trying to convince me that one of my computers is sending out malware/malicious files/spam and that they can prove their authenticity by reading aloud the CLSID. Next step was the eventviewer. I had never heard of this scam, but was curious at the start to the steps they would take. I had second window open, googling to find out what the CLS ID was and came across this page, which confirmed my suspicions.

When the first caller wanted me to look for system errors, I told her that there wasn’t anything wrong with my pc and if she could stop calling. She said OK and hung up. An hour later the second agent called, assuring me that he was from a trustworthy company. I decided to let him go on a bit about the malicious files and such and when he started talking about the CLS ID again I told him that he was wrong, that the number is not unique to my machine and that he should stop calling. He was quiet for a bit and then I hung up. That was thirty minutes ago; here’s to hoping they’ve learned their lesson…

I am located in Maryland and was working from home today because of the snow storm. Gentlemen by the name of Mike Stephler with a foreign accent called and stated that he was from Microsoft Service Center that my computer is reporting errors which is a virus and they need to connect to my computer to clear the virus. I was victimwise and asked many many questions and appeared somewhat dumb all the while doing a google search and found this URL. Thank you Thank you Thank you. These guys are very convincing pretty smart ploy using the CLSID to verify your computer. I would not give them access to my pc and they called repeatly. I advised them I was on the DO NOT CALL list and not to call me. So he stated that he was calling from Microsoft Service Center at phone #206-317-1359 his name was Mike Stephler his Microsoft ID was MSC076 and his supervisor’s name was Dan. They asked me to go to http://www.fastsupport.com and http://www.showmypc.com which I did not do. I told them that my Nortorn Antivirus is blocking both of those webpages. They got frustrated with me and finally gave up. Why can’t this be stopped I wonder why Microsoft hasn’t jumped to do something about this. I reported it to the DO NOT CALL claim but Idon’t think anything will happen. This is scary! I am glad I answered the phone and not one of my children!

Stephen Cobb

I’m so glad we were able to help Karen.

Andrew

I have just received a call in the UK from someone claiming to be from the windows support tem. It was someone with a very strong Indian accent, and he was very very persistent. He claimed that my computer was generating error messages every time I used my computer, and he wanted me to input a CLS iD so that he could prove to me that he was a genuine caller. He also tried to obtain details of my ISP. I was immediately suspicious, and asked him when my computer had last generated a log entry. He replied by saying that he only had the last 35 days history – but interestingly didn’t answer the question. He was insistent that I should go to my computer and enter the CLS ID, and then he would help me fix the issue of the error messages. Finally, I told him I didn’t use Windows, and he hung up! Its clearly a scam, but whilst I’m not an IT expert, I’m reasonably IT literate, and the whole story didn’t stack up – as he also claimed that my computer security was compromised. My ESET security being fully up to date, I did not believe this, and have reported it to the anti-fraud team, who are well aware of this ever frequent scam.

lizaj

Today call from Auburn Washington woman identified herself as “Microsoft”, using this scam. Reported to Do Not Call site. When pressed, she said she worked for the “Technical Division” of Microsoft. She hung up not long after that.

disqus_LKK57oWwWj

I got the phone call today. Male, Indian accent, nominally from Microsoft Support. I was openly skeptical, but he was pretty convincing. Ultimately when I said I was also checking the CLSID number from my laptop (having already done so from the desktop) and asserting that “No, they are not on the same server,” then he hung up.

Stephen Cobb

Thanks for sharing, every bit we learn about their behavior helps.

Brian

I had a similar call (International) this morning (I’m in the UK) from the “Windows Department”, and since I’d just made a fresh pot of coffeee I decided to play them along for as long as I could. What with problems understanding through the strong Asian accent, my (imagined) fumbling difficulties with the keystrokes and my pretended dimness, I managed to spin the call out to over 50 minutes – eventually even reading out to him Microsoft’s description of a CLSID, and then the heading and relevant paragraphs of the David Harley’s article (above). I just kept him chatting until he eventually hung up.

Net result: whilst enjoying my coffee break, I wasted almost an hour of their time, with the added benefit of shielding maybe four or five other, perhaps more vulnerable, people from potentially being ripped off by these scammers – I urge anyone with a bit of free time when the call comes to do the same!

Thanks Suzanne! It really pleases us to hear when we have been able to help. Keeps up morale as we battle on against the bad guys.

Stephen Cobb

Thanks. It does appear that they just launch into their pitch regardless.

Dugald Craig

Still ongoing – no surprise there! All of the above applies but a couple of additions. In my case [ensured that I was disconnected from the net while talking] they tried to give me the info that the PC was registered to a family member who actually emigrated several years ago then asked me if I was the bill payer also for my name. He wasn’t the least bit phased when told that I didn’t give any information to unsolicited callers & for all I knew that he could be trying to get me to install malware onto my PC – became very insistent that he was from “a legitimate company – My Windows Support” also asked me to type in the run box “inf junk files” then enter – of course it just goes to the first part where Window inf files are stored & then asked me to double left click on any file with the PNF extension. As expected brings up the Windows can’t open this file message and asks to either choose a programme or search the Internet for a programme to open it. Needless to say I didn’t do so! He then proceeded to the Task Manager & tried to convince me that I when idle it should be running at 85 – 90%!!! Not the 0 – 1% that it was actually running at. By this time some 95 minutes into the call I was getting bored so pointed out to him that McAfee, Malwarebyes MBAM & MBAR were all unable to identify any malware or viruses and I didn’t believe that he was working for a legitimate company I.e. that he was a scammer and hung up. Like several other posters I am glad that I have sufficient knowledge + awareness of the scam not to risk giving any access to my computer. The other steps take are to increase my security levels to maximum as an addititional precaution. So far no further calls. Email address used is valid but only accessed intermittently.

Pud

Just got off the phone from a clearly Indian dude who insisted he was Japanese and whose name was …. Wait for it……. Eric Osama !
He claimed to be from Windows Technical Department which I knew was a crock but I played along and was telling me about all the horror stories going on inside my computer and that he was the only person who could help me.
After stringing this dude along for almost an hour his patience was starting to wear a bit thin and then just when he thought he had me on the hook I had my wife ring the doorbell and then I asked him to hold as there was someone at the door which he agreed to I then just put the phone next to the radio and wandered off to make a coffee but had the phone on speaker so I could still hear what was going on.
After about 10 minutes of holding I could hear my old mate Eric calling out for me on the phone which I ignored until he got frustrated and hung up……. Now I thought that would be that but no …… Wait …… There’s more he rang back!
I answered the phone and then berated him for hanging up on me and I asked wasn’t he interested in helping me out with my problem !
He apologized and said the phone must have dropped out I said OK and then he wanted me to click on the file download button and let it run ….. I said he might have to ring me back as I couldn’t talk to him right as the Police were at the door……..he asked why are the Police there and I said they wanted to talk to me about Computer Scammers………you guessed it long silent pause……… Then he asked to speak to the “Officer” of the law which I was surprised about so putting on my best Senior Constable Smith voice ……. (should have used Bob bin Laden but wasn’t sure I could have stopped myself from laughing :-)
We then had an argument over his alleged validity which ended with me going you are an idiots and I thanked him making my afternoon to which he replied with some profanity and promptly hung up.
It was without a doubt the best hour I’ve spent on a Saturday afternoon for a long time !

Manthan

Loved how you described it..

I just had a phone call, first a lady called Anna smith with indian phillipino accent( Well I am an indian so I cannot be purely racist about indian only). Asking me all these steps to do on my computer as I am a kid and someone is teaching me how to ride a bicycle for the first time. I have done Bachelors in IT and I play with computers everyday in my life.

So these are the steps they will ask you to do,
First they will show you how to loacate windows key and press R TOGETHER. then Eventvwr, Application and spot the errors and warnings. If I have more than 20 then I HAVE TO LET THEM KNOW!!!???. Then the higher technitian comes asking to go into Command prompt, ASSOC and check for CLSID.

I aregued with him for half an hour why do you care? Are you from Windows or Microsoft? Why haven’t you called in last 3 years as I have this laptop for more than 3-4 years? Why now? Where are you located? Why your number is from overseas when you say you are in NSW. So I got the point that this is just a bullshit.

He asked me to connect to one of their server to check if my system is allright. Straight away i asked him are you going to charge me anything? He says if the problem is major and because your software warranty is only for 6 to 12 months then we may have to renew your warranty so you may have to pay. I was like seriously? Software warranty? never heard that before..Anyways I asked him why microsoft or windows aren’t calling me why you? he says that windows or microsoft doesn’t care once the product is sold. good to know.!!!

I asked him that I don’t want to do anything then he says I may have to block your services. I was like who the hell are you to block my services, who gave you authority to block my services, I never saw any terms or conditions like that when I bought the laptop. Are you a police officer or federal police? He got my point that I was never gona give him any access to my laptop so he hung up. Straight away I googled CLSID and here I am sharing my experiance.

Thank you for reading….

Kiki

Yes, Windows Technical Department. I just got that call. I asked what company he was from and he said “Windows.” I replied “windows is not a company.” Then he actually told me my name. The line was noisy and I had a terrible time understanding him, so he put his “supervisor” on the line (appeared to have just handed him the phone) who spoke a little clearer. I refused to read him anything from my computer or verify the CLSID (while I googled it). His counter was “but we have absolutely none of you personal information, just the computer ID.” I said, but the other guy had my name. “Oh.” Anyway, I didn’t have a lot of time on my hands, When he told me that in 2 or 3 days my computer would stop working altogether, no one would be able to help me, and I would have to just throw it away, I started laughing and hung up.

Richard

Just got the call this morn (Apr.13/13) and laughed at the attempt. The guys Indian accent was a dead give away. Then to see what he was up to I played along to the point wher he asked me to ppen the Dos window, Click,(sound of phone hanging up), then googled to find this article. Thanks for confirming what I already knew.

Stephen Cobb

Glad we could help!

finefeathered

I got ‘the call’ today. Woman, heavy Indian accent, all concerned about my computer’s safely – ‘I’m calling about your new computer, it has been infected, please press the Windows + R key and tell me what you see…’. I played along for a while. When she asked me what my CLSID code was but I asked her to please verify my Windows license key for me before I give it to her. I also requested that she send me an e-mail with written instructions, which she should have along with my license key in her files since I do have a legally licensed version of Windows. Not only did she just ignore my request she kept giving me instructions. Truly fun at this point. I did a quick search on Google for CLSID and found many examples of what a CLSID should look like. I quoted one of them to her and she freaked out because obviously I’m infected. So, I pretended to freak out too. I started screaming for my husband and quoting scripture. Having a blast by now. I kept yelling ‘save me Jesus!’ over and over. Then I begged her to please, please help me. What in the world am I to do? Poor helpless me! She then transferred me over to another ‘technical’ support person and she said there was help available and I should not worry. The guy got on the phone and started trying to calm me down. His Indian accent only got worse the more I acted out. I finally stopped and told him that I have a simple golden rule for life ‘do unto others how you would have them do unto you….scamming is an awful way to do unto others and I’m going to *&@! you over if I ever find you.’ And hung up. Really a fun day. :)

Stephen Cobb

Thanks for sharing.

Great Fun

Just did the same thing myself. When I got to the part where I was supposed to read him what I said on my screen, I just said “it says that the person I am talking to is a stinking fresh piece of s&%t lowlife scammer trying to take money from hard working Americans and that I should tell him to go f%&k himself.” what a day!

art oswald

awesome – way to go

Diane P

My husband got several calls from these folks earlier this week with thick Indian accent saying they were with Windows Support and had detected problems with our PC. He told them on the first few calls that his wife was a computer tech (I work in IT) and that she handles all the computer stuff. He told me about it so I double checked all our security and ran full scans telling him we were fine. They called again in the following days insisting we had problems that our Norton wouldn’t pick up. They got him to go as far as putting in a .com address (he doesn’t remember which) which installed fake anti-virus software that indicated we were infected. They tried to convince him that we needed to pend $80 for them to help remove our “infection”.

When I got home that evening (wasn’t happy) I took screen shots of their fake virus reports, the software had the heading of 24/7 PC Guard and I found .exe files named “Guard Scanner” in our Downloads folder. I promptly did a Restore on the PC to a day prior to when this was downloaded and then ran full scans once more from my legitimate anti-virus software and we were fine.

This morning, they called again, same Indian accents. No number on the caller id however past weeks calls all started with are code 607 but with different names. Since I answered I figured I would play along and asked them to tell me how they had access to my computer. She insisted she was with Windows Support, I asked her what country she was in and she said she was in Ohio. I kept asking her to tell what my computer’s ID was if she was able to see that it has problems, she gave the phone over to a man and he proceeded to walk me through bringing up the command prompt and instructed me to type in ASSOC, he said this is how he would verify what my computer ID was. At that point I told him I was not going to type anything in he instructed me to and that I thought this was a scam, he hung up.

Bottom line, they are trying to sell assistance for problems you don’t have. If they can get you to install their “scanner” that makes it look like you have a bad virus even better. My husband has now been instructed to NEVER type in anything anyone calls on the phone and tells him to do!!! They were so insistent…

disqus_fXUhSvM5FV

I got a call just a few hours ago today from ” Windows Tech Support” he said his name was Daniel Smith (with a thick Indian accent…hint hint) and that was calling from Florida (couldn’t name the city) this is the web site he sent me on (http://www.windowsesolution.com/)**warning I haven’t signup or registered on the site you should proceed with caution too.

he did the same routine as he did with the others. checked the CLSID then the event viewer then send me to AMMYY to get the remote access software. but I stopped him there cause I wasnt sure if the remote excess software was the scam itself(i.e would install the malware itself since I had never heard of it before)

Quinn

AMMYY is a not the Scam, I’ve used it a few time to get remote access to my desktop. There is an official warning on their website regarding scammers. Things like AMMYY and LogMeIn are quite safe as long as you don’t give access to people you don’t trust.

Had to call HP Desk about a brand new computer not accessing internet explorer some indian guy took over my computer and said I had malware then tried to sell me additional security . This is BS Rip off

Spectrum Data

Yes, it’s sad that when you have an HP service contract they end up handing you off to a third party contractor who says your particular problem is not covered under the contract. They then try to sell you an add-on contract which will cover your problem.

VonBorgertz

Got the call about 30 min ago, also claiming to be connected to Microsoft but not working AT Microsoft. She said she worked for some security/technical department. Also had some heavy indian accent and phone number shown on my phone was 000015672539999. Anywayz, she went through same as for everyone else, press windows key plus ‘R’ and run the event viewer.. there she informed me about all these alerts she had received, and obviously there are some alerts in the list there. But as most of em were things I could relate too I asked her to give me the exact time of just one of the alerts they received so I could check what was wrong. That wasn’t possible.. So I just played along, checked cmd and let her give me the CLSID and over and over she explained how my computer was about to crash at any moment.. After a while she asked me to go to https://www.fastsupport.com/ and type in my full name and a 9 digit number I got from her.. didn’t pay much attention to the number though. And when she asked me to press enter I asked her why she claimed that the CLSID was unique for every computer when its not. She kept claiming it is, so I basically had to prove it to her :/ I then explained to her that im not too impressed with their way of scamming people, and that I hope there is a way for me to contribute in taking legal actions against their company, and her who obviously purposely tries to steal money from people. She didn’t reply to that, she just hung up.
But I do get that people fall for this though, because they do sound convincing in their way of describing things etc.. Although as many point out, their accent gives it away a bit.. but if u aren’t used top computers and don’t have much knowledge regarding scams etc id say there is a good chance they could succeed with ripping people off.. unfortunately.

Smart1

I just got a call from ‘Windows Tech Support’ guy, with an Indian accent. He played the usual CLSID con. He got frightened when I told him I was a IT professional, which I am . Wish I had read these posts first so that I could have had some fun with him. At one point I asked him how he knew my phone number. He told me that my phone number is associated with my internet access so he got it from his error report …lol.

jos

I can confirm that the exact same scam as described above has just occured 30 minutes ago in the Netherlands.

Kathy Brown

Just got a call for this scam from “private caller”. He had an Indian accent and was very convincing! Luckily I googled “CLS ID” and came up with this as he was making his pitch. I told him he was scamming me and hung up. Watch out for this one!

EJ

I Just Received 2 calls
one from 971-217-9508 caller ID shows: V52123322800005 (whatever that stands
for) and the second with no caller ID from 425-406-9022. The first call I was
busy and had my friend pick up. Immediately they went on to say that they are
from Microsoft and are getting error messages from my computer. Since I was
busy she had asked them to call back in 15minutes. So 15 minutes they call back
same thing saying they are Microsoft support and they are receiving error
messages from my computer, I asked how that was possible and he asked me to get
into the command prompt so I asked who he was and where he was from and he says
sir you keep asking me the saaaammmme questions really slow lol so I said yes
and you haven’t answered one of them so how can I verify who you are and why or
rather how is it possible my computer would be singled out by Microsoft to tell
me I have a virus, so he told me he was from Oklahoma, I said wow and after the
crazy weather and disruptions were you not affected, there was a long pause
before he said sir I am just trying to help you. So anyways I told him to call
back in the morning and take it up with the IT department.

BTW I’m in Vancouver BC Canada

John Rothwell

I have just been called by a foreign sounding gentleman who went through the process above including the clsid thingy. When I said I could see errors he told me he would put me through to the Microsoft technical support dept. when the chap came on the line ( he sounded just like the bloke you I was just speaking to) he told me to go to one of these “show my pc” type sites. At that point I said that I didn’t want anyone remotely accessing my computer, and hung up. The number given when I dialled 1471 was 000000000000000!

Jason Panrucker

My mother has been getting calls from the same scam for the past month, but her reply is and always has been, “call on the weekend so you can speak with my son, he manages all of my computers for me” so he called yesterday and boy did I have a ball..

I played along and did what he said, checked my CLSID and event log, then I told him I have my compTIA A+ cert and that the key is not unique, I’ve worked as a computer technician before and he should never call back again, he started attacking me saying that I am an idiot, and that my computer will fail if I don’t listen. I told him to piss off and not call again… then I had fun…. he blew up saying (thick indian accent) “you thred me? are you thredding me?” to which I proceeded to give him a lesson in English, “no I think you mean Threaten!” and spelled it out phonetically for him. that went on for a while until he called me a bitch and hung up.

these guys need to be stopped, if I hadn’t told my mother to ALWAYS call me or speak to me about computer related issues, she would probably have given him remote access.

I am interested to find out exactly what he was trying to achieve. trying to get bank details? personal information? sell software to “protect” mums pc?

any idea?

DD

I just got scammed the very same way. Thankfully I suspected a scam and simply hung up on the guy. Thank you for posting.

MsTiBlue

I received this call at 5:06 P.M. today (6-3-13). I let him go on about why he was calling as I wanted to find out who/what was going on. Once I determined his goal was to access my computer remotely I scared him off!

disqus_OqK0sY9i2b

I like to get conversational with these guys. So where do you live in New York? “204 Mapple”. He spells it out. Oh you mean Maple. What part of NY is that in? Confusion. Manhattan? More confusion. What subway station do you use? Etc. Keeps them on the line, and not scamming someone else or getting commission.
The duct cleaning callers, who infect Canada daily, are based in Karachi, Pakistan. These guys may be too.

Khlebenvasq

I drop the tag line of Anonymous on them and they hang up quick.

Them: hello I am from Windows Support…

Me anywhere in their spill diffent parts:
We are Anonymous
We are one we are Many
We do not forgive
We do not forget
Expect US….

Padraig Mc Elroy

The scam is alive and well and still going.
Big Clue…They cannot get your phone number via a computer glitch.

bertcliche

Very nice scam (I got a call from http://go4rescue.com/) today. I *really* like the CLSID trick, unfortunately, I can imagine this being too effective at fooling people. My call started off with “we noticed that your windows updates were not being applied” and they repeatedly insisted that they were “Microsoft certified.” When questioned as to the name of their employer (and I was popped between two “technicians”), they were reluctant to provide details but I got eventually got it (see URL above). And no, sorry, I would not provide remote desktop access so that they could “protect me from the spyware which infected my desktop.” But, nice try! BTW, the phone number is only cosmetic, it only bounces the caller to voice mail.

Jacob

This just happened to me in Singapore. Luckily didn’t fall for it but wanted to check out what they were doing. Thanks for the detailed explanation. Likewise, mine said the were employed by “Windows Security” and had Indian accents. Their website also listed phone numbers from various countries depending on what IP address I put it..

Jacob

Ironically, though, they gave me the wrong CSLID number so they did a pretty shoddy job and knew something was odd.

heather

They’ve called me several times, a few days ago called 12x’s starting @ 6:30 am. Today though the guy that I spoke with I let him know that Micosoft does not call people and he said he’s NOT from Micosoft he’s from the Windows…. LOL
Then he tried to tell me that he could prove he was cause he knew my CLSID number, Well, a quick search on the internet and I found there’s no way he could know that.

He started to get really pushy with me, telling me that I really needed to type what he tells me to right now that he only has a certain amount of time per call.

Finally I’m just sick of being on the phone with him so I just tell him “Look I could care less if there’s malware, virus or if someone hacks my computer it’s a 200$ computer” he replies “UHHHHH 200$?????” I say YEP! he hangs up! lol so just maybe they won’t call back!

ZombieSquirrel3

I just got a call from scammers if it wasnt for this page i might have been stupid enough to fall for it. Teaches me to drink after work lol.

Erland

Just received this same scam today in Colorado, US. I had a laptop handy so I went through the same command prompt sequence to check on the supposedly unique CLSID number – when I informed the caller that the number was the same on each machine, the Indian guy I was talking to (who claimed to be in New Jersey) said that the number was unique to each user, not to each computer (contradicting what he said earlier). That’s when I did a little searching and found this posting – thank you for writing this, it really put things in clear perspective for me!

Michelle

I got this scam today, and typed in the assoc and he read the number back to me. At this point, i was pretty certain it was a scam so I cut the whole thing off and said that i would call them if there was acutally something wrong. SO, my question is, my computer is completely safe if i cut if off after the accos command, correct?

Raymond

Same thing just happen to me on 23 July 2013 at 11:00 am. The scam went exactly the same way as “Steve” stated below. I told them that before I went any further I needed to phone my cousin at Microsoft to verify. The phone number the scammers called me on displayed “private” on my caller ID. I told them that when my cousin phones me from work it shows Microsoft. The scammer hung up. I wish I had a cousin at Microsoft.

Luke Allen

I just got a call today 23 July 13 from an Indian lady claiming to be from Microsoft and that my computer has malicious files that she needs to point out to me. I asked her for her Microsoft employee ID#, and she kept insisting she show me the infected files first to prove she is from Microsoft. Curious to see where she would take me she had me hit Windows + R, then CMD….she then wanted me to executed ASSOC. Before I would do anything further I insisted she give me her employee ID. She was off the phone for about a minute, argued with me about the ID number, she finally gave me a bogus number (2411679512). I then asked her what her name is. Thats when she hung up on me. The number on my caller ID was: 326-172-0000

Bill

I got the call today, July 27 2013. They told me my computer was being hacked from Mexico. They needed to see my CLSID. I’d had a similar call before so I knew it was a scam and just told them I was on my way out the door. Last time I looked it up while on the phone with them and saw an article like this so I hung up. Thank goodness for an article like this.

Caller had a strong South Asian (Indian or close-by country) accent. I could hear many other voices in the background.

Gers69

Still on the go! I got the Indian accented ‘Michael’ from Windows Microsoft Technical Support who told me my computer had broadcast distress signals. When I asked him to confirm who he was he had me look up the CLSID (using the assoc command) which he was able to read off to me. My suspicious nature had me do the same thing on a separate PC so I knew that it wasn’t a unique ID. Things progressed to ‘Michael’ telling me he would have to invalidate my CLSID – for the protection of other computers – if I didn’t take their service. I acted really worried and said I didn’t want to lose my PC – what coulde I do. The guy must have thought he had me on the hook – when I told him I had no credit or debit card he asked if I could phone a family member to borrow CC details. I offered to send him a cheque if he would give me his address but he said their process didn’t allow for that. I asked him to send me an invoice which I could pay at the Post Office bur again, their process yadda yadda… Choking back the giggles I asked tearfully how I was supposed to get the ‘services’ to protect my PC and eventually was directed to send £120 via Western Union to Shreeram Davad in Qatar. ‘Michael’ will call me back tonight to confirm the payment and proceed with the ‘service’.
Despite hanging up on him a couple of times the guy must have thought I was a sucker as he called me back both times! Had him on the phone for about 45 minutes in total, and hope I am home when he calls back tonight. Hope the phone charges are expensive for his scam group. I might try faking a Western Union receipt number (10 digits) to see how far he’ll go, and how long I can keep him on the line.
On second thoughts, they may well have hijacked someone else’s phone account so I’ll probably cut it short when he does call. I’ll pretend I was able to fix the ‘problem. Maybe I’ll even tell him I went out and bought a new PC!
Thanks for confirming that this scam is prevalent – makes me feel good about wasting his time.

scott

Still going on. Aug 2013. I toyed with them up to the point of “Cathy” telling me to start ammyy. I thanked her for trying to help me and hung up. She actually called back and told me my liscense was cancelled and I would never be able to use my computer again. She did not care for me turning their annoyance into my fun. Oh well.

ronnie

Hi, i know i’m stupid and i just got scammed by thoses guys. Actually i gave the remote access but i did’nt pay. I learned my lesson, don’t worry. The point is : i changed all my password, i did few fullscan with microsofr essentials et malwarebytes. Now that this is done i was wondering what to do to be sure everything is clean and it is possible that they stole few files (like word documents) from my desktop while they were on the remote access ? Im really anxious right now :( I will never do that.

http://dharley.wordpress.com/ David Harley

I can’t say it isn’t possible that they stole documents from your desktop, but I’m not aware of incidents where a support scammer has done that. (There have been incidents where the scammer has tried to damage the system/files where the victim has given access but hasn’t paid.) You might want to make sure that the agent software for AMMYY(or whatever remote access system they used) has been removed.

Alan

The scam is still going albeit with a slight twist. My wife was called today by an Indian lady who claimed she was from Universal Internet Security, a company sub-contracted by the UK government to disconnect pc’s that were infected and causing data problems for the government’s central server. My wife passed the call to me as I have worked closely with various government bodies on computer based issues. I immediately told the woman she was making this up as there was no such UK central server but she said she often got a sceptical response and then supposedly transferred me to her ‘technical’ team, although in reality she just handed over the phone to an Indian gentleman. He immediately repeated the patter that Universal Internet Security was contracted by the UK government and my pc would be disconnected if I did not assist. I asked where he was based and for the company registration number to which he said India and quoted a company registration number 7052325. He asked me to go onto my pc and find the middle 16 digits of my CLSID and supposedly by way of proof this call was genuine he quoted me the first 8 digits and the last 8 digits of the number. Having got fed up with this bullxxxx I told him there was no way I was letting him anywhere near my network and that he was speaking a load of nonsense about UK internet security. He protested and kept asking me to access my pc so he could show me where it was infected. I told him I had been recording the conversation and would now relay this information to GCHQ so they could take the necessary action against him and his company. To my amazement he merely said he would call back later in the day once I had verified the information. Sure enough they called back about 4 hours later although this time I ignored the call.

http://dharley.wordpress.com/ David Harley

Approve.

—
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow

Andy

They’re still operating. Just cold-called me, almost exactly the same script as Steve (6 months ago), practically word for word. Fortunately I’m just about tech-savvy enough not to have fallen for it (and come fully loaded with a VERY suspicious nature lol), but I guess to the average guy or gal on the street they’d sound pretty plausible.

jo

I was duped and gave the guys remote access today, but did not buy their protection though installing “valid certificates”. Hope my system has not been to badly compromised. There was a scrolling through the directory of documents on the C-drive for about 30 minutes, while they “cleaned malware”.
Afterwards I deleted two programs they installed, but not sure what else they “tweaked” on my system. I suppose If the worst comes to the worst, I can reformat the drive and re-install my OS.

Maggie

I got a call today from an indian accent guy who said his name was Steve Johnson and he was calling from the techncial depart about my errors 888DCA60 asked me to run some tests I played along for a little while then I asked him for his phone number so I could call him back 0115 365333 he asked me to run CMD. then ASSOC then eventvwr ..he was quite convincing and very polite

joy

For some reason they LOVE my number. It always shows up as “out of area”. I asked what company he was with and he says WST. I said I need a number so I can reach him and he says yes he has one. I think I will have fun with them the next time they call. I played along for a while. But got tired and hung up. He called back 4 times… I WISH there was some way to report them. But they have the number blocked and even with the anonymous call reject with caller id these idiots come thru. I may get them to pray with me the next time or start talking in a foreign language…of course a made up one…

Barcelona

I Got a similar call like 6 ago from some indian scammers claiming to be Workers for microsoft, i knew from the beginning that it was false but me kind nature didnt want to be rude so i just let it go and see what they were talking about and being a technical expert myself i knew that they were telling me things i already knew and over exagurating the fact that i have registery error wich is technically normal on everyday computers, after letting them try scare me with false errors cpu usage at %7 i decided why the hel am i taking this, i probably know more then them so i pointed out that, that task manager cpu statt only shows how much its processing not that the viruses (witch dont exist) delayed my cpu and told him that 80% is horrible for a cpu…after further arguing the technician tried to open syskey and set a password from my computer… right after that i hanged up knowing that setting that password would require me to enter that passowrd (they didnt even tell me) every time i boot windows and hell no im doing that..they called another 4 times and mentioned some nonsense about my CLSID after a while i got sick off it told them i no longer want the service and i dont care if my computer has viruses its not going to hurt my life cause fixing is a easy thing and he refused tried to force me…. at that moment i got pissed told them their plan trying to trick me then lock my boot the the guy says “you a smart mother***ing asshole and forgets to hang up or something and i continue to hear the other scammer and some arguing and intense swearing from other people the they hang up”.. they used the remote program from ammey. http://www.windowssupportusa.com/about-us is there fake website and have indian accents so dont FALL FOR THEM… personally im taking action againgst.. ive stopped there site for
4 days and traced them to a voip ip. and located them and now going to get legal help to stop these fools

Bob

I was introduced to this scam today, from someone with an Indian accent claiming that they had evidence that our PC was “downloading viruses from the Windows server.” Of course, that language alone set off alarm bells, so I questioned them. When pressed, they claimed to be from SwitzNet, a legit tech support company in the UK and India (although they claimed Alabama). And they could read out my exact “unqiue” CLSID, which is obviously the tool they use to establish trust with the target of the call.

This posting turned the call around. I was able to establish immediately that a CLSID is not unique, that the “tech” person was lying to me, that he was really calling from another place (206-682-0185 Transcom Enhancement), and that people in the background were accepting credit card numbers from other call recipients who had not made these observations.

I hung up on them and called the FTC, which has a current focus on tracking down massive support desk scams. The FTC can be reached at 877-382-4357.

GLOBAL SUPPORT 4 U IS A SCAM

Global Tech 4 U called me and had me go right to my command prompt. I’m the computer administrator here, so I thought it would be interesting to play dumb and hear what he has to say. Turns out the information he was looking for, was bogus. I could show how people would be tricked by this… I read several articles about how the FTC is cracking down on this, as it should be.

The guy called from Skype User: 661-748-0240 (First red flag). His name was Rick Williams, he gave me the number: 866-285-8799.

Do Not Answer!

Alan

Thanks very much for this excellent article, I was able to read it verbatim to the nice Indian chap from New Jersey, though I did have to tell him the definition of the word scam!

maziej

Thank you for the article. I was called about half an hour ago. I am married to a geek so a little wisdom has sunk in and I suspected a scam from the start. I asked the guy if his very strong Indian accent was from Minnesota, he said no, he was from China. I asked if this was a scam and he got angry and said if you “use the google to anyone’s name you will find it linking to a scam.” I googled my name, no scam, and told him so. He offered to send my name to the googles and in ten minutes my name would be connected to a scam and asked for my name. I replied that he should have my name if he had my registry information and worked for Microsoft as he claimed. He just started the script over and I said call back later, I need to have a wee. I hope he calls when hubby the geek is home, that would be fun to hear.

Joe

Just got off the phone with someone doing this scam. I knew from the start and was able to keep them on the line for 11 mins. Was even able to talk to his “manager”. They were really bad at it as they went from working for Microsoft to then working for Best Buy and being contracted by Microsoft to do the calls. In the end they hung up on me.

Pieter Jelle

The guy I had on the phone was from a company called Tech Resolver and is supposedly situated in Albany, New York. He was describing a similar procedure (as described by David Harley) that I was supposed to follow. I didn’t trust it and told him that I needed more information in regards to this procedure, their company and so forth. I hang up the phone. The website of Tech Resolver that I found didn’t have any address associated to it; giving me even more reason to believe that this was a source that couldn’t be trusted. I’ve tested my firewall and can’t seem to find any holes, nor any malware on my system or viruses, so I already found it hard to believe that they could somehow detect that my computer was being hacked.

Melanie Bull

This is still going on! Just got a call Sept 2013 – I’m in the UK – they push and push you to type in ASSOC to give them computer ID.I refused until they could prove who they were by other means.

Bob J

I’m in Georgia, USA. Received this call. He made it sound like it was Microsoft Support. He said they received notification that my computer would not receive Windows Updates because it was infected. I was skeptical, but came close to being sucked in. I would not let him have access to my computer at first, but allowed it after he answered several questions and he directed me to the CLSID. I was ignorant to the fact that the number is not unique. He turned me over to “Sam”. He first used AMMYY and then used LOGMEIN. When I questioned how they could tell my computer was infected, he directed me to do something. A window showed several IP addresses (all my computer) and another number next to each IP address that looked like MAC addresses, but I am not certain. The next column had a label of some sort that I can’t remember, but it seemed to indicate that each was a foreign or infected file. All these showed a date of 9/17/2013 (which I remember because I tried to think of websites I visited on that day). I do not remember how I accessed that information. Can someone tell me how to do that so I can repeat it? The bottom line is that he wanted me to subscribe to a service from gtechsupports.net, which I declined until I did some research. After discovering that this is a scam I did a system restore to several days ago. Also, I am running several security scans. I would still like to know about the files “Sam” showed me that he said were the problem.

http://dharley.wordpress.com/ David Harley

Bob j: we think it was probably a netstat window that he showed you: one of the columns it shows by default is ‘foreign address’. I’m not sure which option you might have been directed to use, though: I’m going to try to find some time to check that out further.

Kan

Scammer: (Middle eastern accent) This is windows tech support team. Your computer is in critical condition. We are specialists, and I am here to help. I know your CLSID. Now tell me what operating system are you using?

Me: Linux…

Scammer: I am sorry, NOW TELL ME what operating system you are using or else I’ll have to terminate your service!

Me: LINUX!…

Scammer: WHAT? Tell me what operating system you are using? Vista, 7, XP, 8. Are you the owner of a computer?

Me: YES. And I TOLD YOU THAT IT’S LINUX FOR THE GAZILLIONTH TIME….

(It went on for about 2 more times… I had fun trolling this worthless idiot who doesn’t even know what linux IS and claims to be a tech specialist for windows… LawLz…)

carl

hi yeah just received the call from a lady with a middle eastern accent. i spent about 5 minutes on the phone to her while she was trying to tell me i had some serious issues with my laptop, she said she was from a company called I.T. solutions so i said let me just google your company a second, so i get to the website of the company she claims she is from and at the top of the webpage there a n alert banner saying that people are using there name to get remote access to peoples pc/laptop i relay this message to her and she hangs up. i mean i was really interested “sarcasm”.

Brenda

I have received four calls from these guys in the past week. Today, I asked for a callback number so I could call when I actually had access to my PC. I didn’t bother to test the number, but have now filed complaints with the FCC and the FTC. It is sad to think how many folks must fall for this rot.

Mattias

I had a call from these morons today, and got suspicious right away since this was not a “service” i had asked for. Indian accented english speaker calling from Windows Support center. My first thought was, noone ever helps completely random strangers with computer problems.
I got the instructions to ceck the CLSID assoc, then i had to hung up on him. He asked me to check and then he would call back in an hour. I took this time to google CLSID and ended up in this page confirming my suspicions. When he called back he explicitly asked, “do i have your trust now?”. I replied no and that I knew all about their scam and told him not to call me again.
Thx for a great post, I shared it on facebook to spread the word.

Kevin

I rec’d a call on this scam today and the phone ID was Private Caller. I personally like to mess with Cold Callers so I answered the phone and played with him. He told me I had a virus and ran through the process described above but when he asked me what I saw. He was not expecting me to say a black screen, once he understood, he told me to restart my computer which I pretended to do so. We went through this process 3 times before I told him I got a Command Prompt, the he asked me to input the information above and that is when I told him I was not in front of a computer. At this time he was confused as he did not understand english very well and started talking in a foreign language, after a while he came back to me and said good one, that was when he hung up. Beware of what you give out on the phone or the internet and when you do have an issue call them.

A. B.

I got this call today. I cant say if the Accent was Indian bút it sounded like this. Inerestingly the phone number was not anonymous.
The number the call came from was: 0015672539999

sleep

got call from india said assoc is my computer id. wanted 499 10 year support, 99 one repair. he had we fooled for a while.he said someone was using my computer as a slave to download music.

Mm

I have been receiving these type of calls lately and I usually hang up when confirming the number/I’d they ask for. But last night this ‘John’ person was really aggressive, telling me that there have been complaints from my IP address about scam emails sent to the government, that there have been mentions of bombs and terrorism in my messages, and he asked me if I was one of them. Then he said that lots of porn has been downloaded from my pc if I was downloading it or not! When I said yes to everything (obviously not believing anything) he got mad asking me if I thought it was a joke that he had my phone number((of course…..he was the one calling, not me) and he had my address ( that he couldn’t even pronounce in English) and of course that the called was being recorded. As usual, I followed his speech but when coming to confirm the claims number I hung up on him.
I guess they are not getting to many people to believe them, nowadays, and they are getting really aggressive now.

Rony

Happened to me today in Australia. Guy with strong Indian accent claimed to be from Telstra and threatened to cut me off the internet as my computer is infected with the viruses. He said they sent several warning messages previously. Then he asked me to open a browser and go to ammyy webpage. Seeing scam alerts I hung up at that point.

Roberta – Italy

Just happened to me in Italy – guy claims to be called James Parker from WindowsSoft.us now, service provider for Microsoft TechSupport. He read out this CLSID when I was showing my scepticism, to try and get me to download the ammy exe from WindowsSoft.US Contact Us page (so “ammy” was not mentioned at all during the conversation) I cut him off telling him it was an unsollicited call and asking him to send me verifiable info by email (since he had my tel number, I told him he surely had my email address as well) and hung up.

Joe Lewis

I wish I had been there when finefeathered was called! We got the call too, and the caller’s Indian accent was stronger than his English, so I really couldn’t understand what he wanted me to do. I’m relieved to find that the CLSID is not unique.

Steve

I had the same experience today, an indian accent called me today saying the same thing. He wanted to remote access my pc. Told him i do not know who he isand where he is from. He went onto say that he was working on behalf of Windows. When he asked me to type in assoc and then wanted remote access. I figured out he was a scammer and reported him to the police and internet fraud team. Be aware!

tenagirl

I too just had a call. They said they were from “Microsoft Support”… They did tell me the CLSID and I said that I was not impressed and hung up. It came in as a “Private Caller”. I called another number from this lot (hub got a call and hung up). They answered Microsoft Support. THAT has to be illegal. Any ideas? 1 347 796-4494 This time they said…”Welcome to tech support” What a scam…

Alice Coltharp Dean

got this call today. from “Windows Live Advantage” group claiming my cls id was leaked out to the internet and anyone could get this and hack into my computer. I didn’t have malware because i let norton expire and didnt realize I was missing my AVG. Any way i typed in ASSOC and event uploaded http://www.teamviewer.com and connected with the guy named Eric with what sounded like an asian accent. anyway when they transfered me to their supervisor I asked why and then the supervisor started the sales pitch and for $149 he would clear my problem and I said no and I wouldn’t have listened to this further. Then the price went down to $89. I wanted to disconnect and then he hung up on me. i know better and even though i was sceptical i continued all the while asking questions but i willnot fall for that again.

eric

They callied now several times, caller ID is 642 11111111. Asked for the company he said beta secure.com. He hang up after 10+ minutes asking him questions. If you want to practice, call the number on the website, I bet it is an Indian accent :-)

Paul

Trying to convince me that my router ip address, which is 192.168.xx.xx for almost every router is my assigned ip address. Wanted me to type in to a command prompt assoc and provide them with my clsid. When I asked her to send me an email since she called me and I don’t know who she is, (supposedly Microsoft line support, following up on illegal activity on my ip address occurring all over the country), since she seems to have all my info, she hung up. She got nothing from me. Not planning on reporting it, I think it’s probably a waste of time.
Paul

Rachel

We got a call today saying that he is from gmail support and that they have received complaints about spam emails from my daughter’s email acct. I took the call pretending that he is talking with my daughter. They gave a callback number (18882036814). The caller ID showed the name daniyal – funny that he gave the name Daniel Creg when I asked his name (and that’s how he spelled the last name). Anyway, I told him I’ll call back once I have contacted gmail but unfortunately gmail has no contact number. I called back and asked them how they got the home phone number when it’s not even the number used when my daughter signed up with gmail. They hung up. I traced the number to Techno Alabama. The accent is definitely Indian. I wonder where they get the info – they have the email address, home address and home phone number.

CDailey

Out of the blue, I get this phone call (Florida caller ID)
with a hyper-sounding India guy from “Microsoft Technical Support” stating that
my computer had been sending error messages to them. I knew about this little scam, because they
had called me a month before and lead me on their wild-goose-chase. I decided to play along. To prove who he was, he gave me his phone
number 1-855-517-6253 and his company website http://www.smartsnake.com. Not sure if they are with this company, or
just using it.

The first step, he said, was to find the computer that was sending the
messages. He said it was the computer
that I do most of my on-line banking and shopping with. He assured me it was not my son’s gaming
computer. I question him on how he knew
this, since he could not give me the MAC address of the computer. I’ll show you, he said. He led me through the painfully slow process
of identifying my C-t-r-l key and my Windows key and spelling out the A-S-S-O-C
command prompt to get to the CLSID screen.

.zfsendtotarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}. I knew this was the same number on all
computers, but played along assuring him we had found the “right” computer.

On our journey, we visited the Windows Event Viewer and set the filter
to show errors. He asked me if I knew
how to fix these errors. Of course, I
said no. He said, I am helping you fix
all of these free of charge. We also
downloaded SuperAntiSpyware (which is free to anyone), which, of course, showed
me all of the problems my computer had.

When we got to the LogMeIn Rescue screen (this is where they can log
into your computer and take control of it; never do this for anyone you don’t
know), to start the download. At this
point, I told him it was not working. He
asked me what the screen says, and I told him “You do not have
permission”. He sounded confused, and
gave the phone over to another technical expert.

We went through the spelling lesson again, this time with A-M-M-Y-Y
(remote desktop). Again, when it got to
the screen to give them access, I said it was not working.

I eventually went through 3 technicians before I heard the click. How rude, they hung up on me. I was hoping to get on their do-not-call
list. I guess I will just have to wait a
month or so to find out.

Larry

I received a call today almost exactly as described above. Indian accent but good English but very pushy. Did the ASSOC scan and red me the number. He asked me to use the EVENTVWR command in the run prompt. I wrote it down but did not enter it. By this time I was on to this was fishy. He told me that at the end of the call he would be billing me for his time to fix my problem. By this time I was convinced this was not legit and I told him this was crap. He said I would not be able to use my computer anymore because my license from windows had expired. He also gave me a phone number – 855-677-5556. I did not call this as I don’t want to give out my number.

Big Slim

Thanks for this site. I was becoming to believe what I was being told, but immediately I received the phone call, I switched the PC off. They tried to persuade me to switch the PC back on. Told me my CL SID number was 00C04FD7D062, from that they’d obtained my phone number from the UK database and the UK server shows that my PC has downloaded malware which I would not be able to remove myself. There phone number provided when I asked was 2537 850 721 and the technician could be spoken to on UK 702 406 6231. Their website was provided as http://www.safeinc.com.
I had a good laugh reading the posts on welivesecurity.com, they are so similar to my received phone call. To add to the comedy list, my caller did not who makes/produces Windows or what company he worked for.

Rav

I was called with the same Scam this evening from +131 5642 4364.
First he got me to run the Assoc command.
Then he told me to open event viewer and observe all the red dots errors.

My little joke was to tell him that there were no errors in the event log. This perplexed him somewhat and he gave up.

I could see how a non-IT literate person could fall for this scam, though.

Dave

I just got off the phone with the exact same scam. I was skeptical from the beginning but played along until they wanted me to go to http://www.teamviewer.com. My son cautioned me from taking that step so I did a search on CSLID and found this post. Glad you had posted the same number as that proved to me what I suspected all along.

jack

i had them ring yesterday. i played dumb but played along with them. i kept asking them questions including asking them if i could call the back. i was eventually put on to the supervisor. i kept the on the phone for 33 minutes and ended the call with asking if they felt guilty and if they slept at night followed by an evil laugh. they then hung up on me. i love it when they call. its so much fun

AKS

They keep on calling me with the same clsid thing…they say that they are from it solutions company not sure if they are …wonderful thing is that I am not using windows and they report that i have issues with my operating system which is windows :-)

restless

if they try this on me I will string them along for as long as I can, but eventually I will have to ask them where the enter button is on my Etch-a-Sketch

Just had this happen 5 minutes ago. Alice Williams who had a OVERLY thick accent an I had let her run her game for a few minutes. Then said “my son just woke up. I have to handle that. An she said “Sir, we can finish this quickly.. I think proceeded to ask ask her. Is this NEW computer an potential virus that you want to fix more important than my son? Ummm don’t think so Alice. Do you have a number? I can call ya back after I attend to my child. An she gave up 1-800-986-4764 an sounded very frustrated with me… boo hoo?

KJ

I got this call today and my story is exactly like Steve’s below. When he wanted me to go to TeamViewer.com to get remote access I knew something was not right. I asked him to walk me through the supposed “fix” and he said he had to do it. Told him that was not going to happen. While he tried to convince me of his reasons why he needed to do it, I saw Steve’s post and then he hung up.

Steve Yu

I got a same call today from a man named Ricky Martin. He too had a thick Indian accent and I can hear another Indian lady in the background talking to another poor soul. Fortunately I googled what Ricky Martin was telling me and found this chat before I followed any of his instruction. I asked for his call back number but he would not provide. He kept repeating that he was calling from the Windows Tech Service but wouldn’t mention Microsoft. I politely hung up and asked him to not call me anymore.

Thank you all for posting your experiences. They really helped.

Peter

Ive had yet another of these idiots calling. Usually I just hang up but today I was in a playful mood so kept them talking for 51 minutes. i kept ‘mistyping’ things they were saying (even though I wasn’t actually typing anything) like asocc instead of assoc and amyy.com or ammy.com just to wind them up. eventually got bored and then got a tirade of abuse saying ‘did I know how much it cost to phone me without making any money’ and then it got really funny – ‘did i know all white men are paedophiles who have sex with their mothers’ . the more i laughed at him the more the abuse came, i was genuinely crying in the end.

Please dont fall for this scam

DaveBinAZ

http://www.teamember.com is yet another that asks to remotely connect through their software. They said they worked for Microsoft. I said I use an old OS, xp which isn’t serviced anymore (but which is an awesome OS). I asked for some examples of the ‘infections’. They dodged. I asked how they got my phone number. It was ‘provided by Microsoft’ they said. On and on. I wasn’t busy and managed to take 45 minutes of their time and it was great fun. I even offered to let them access my system through the built in remote session service (which i knew they wouldn’t do) and they said the infections wouldn’t allow it! My event viewer was just cleaned out through another program and had no warnings, etc. They said that the infections were ‘keeping them hidden’. LOL!! GEEZ! These guys had a tremendous propagation delay, at least half a second, but they claimed to be calling from CA. Yes, it could be their phone system is routed super slow, but more likely their origin was New Deli, or somewhere.

Jerrod

I got this call today from “Windows support”. I knew it was a scam as soon as she said windows support. I got her to repeat everything at least 4 times, but the best was going through all of the CLSID numbers. I asked her to stop and go back maybe a dozen times. Its a very long string of numbers, so you can imagine how exasperating that would be. 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. They’re so confident that they have the number (which is the same on everybody’s computer) that she actually gave herself an ‘out’ by saying that if the number didn’t match I could hang up. After a good 10 minutes of repeating it, I just told her that “nope, thats not the number I have. one of the zeros is different.” She sounded so dejected but lived up to her promise and said good bye. Yay!

JJ

An elderly friend of mine got scammed yesterday. They gained access to her computer then demanded her credit card # in order to fix the problems. She refused but they had already changed or activated the windows xp boot password. Is there a way to fix this or do we have to format the hard drive?

Paul

I received a call like that this morning. A guy with an Indian accent, claiming to represent Microsoft, informed me that computer was sending error messages to Microsoft. In my case at least, I knew immediately that this was impossible as my Windows laptop is only used for digital mode ham radio (PSK, JT65, RTTY), and there is no internet connection here. What can I say, I live in a rural area and satellite just costs too much. Anyway, the guy wanted me to turn on my laptop but I offered to call him back. This terminated the call. I’ve never had a call like this until this morning. From the sounds of activity in the background, like a typical call center, which could be canned of course, it appears that this is a substantial operation. Thanks for the article.

Nabi

I just got this call today and I didn’t have an idea about this scam so I followed the instructions, being suspicious all the way through. At first I yelled “I can’t understand you!” due to their heavy Indian accent (Yeah, I know, I sounded rude but I always get frustrated every time I get their calls ><'). Then I kept asking how they got my phone number and they kept ignoring the question. I still patiently followed all the steps until they told me to type in 'iexplore http://www.ammyy.com&#039; in the command box and that was when I was sure this was a scam. I didn't click run but instead went on google and typed in 'ammyy' and got a whole list of scam reports. I asked them "Is this a scam?" They said "Ma'am why would I waste time and money calling you, this is legit…" Well I didn't hear the rest because I hung up on them. Now that I know it was a scam next time I'm so gonna troll them until they get frustrated and hang up!

peter

Hello,

A big thank you for describing the CLSID scam. This also happened to about an hour or so ago.

So, I typed in the the Windows command {cmd, assoc}. Indeed, I got the CLSID code that you mentioned in your article.

Then, I wanted to recover this code from my Win XP registry. In other words, I tried to read the registry key at,

HKEY_CLASSES_ROOTCLSID

What did I do wrong ?

Looking forward to hearing from you.

-peter

http://dharley.wordpress.com/ David Harley

There seems to be a typo in the article, which I can’t correct at the moment. It’s HKEY_CLASSES_ROOTCLSID, But it just gives the default GUID {0000031A-0000-0000-C000-000000000046}.And it’s not stuff you want to do anything with unless you really know what you’re doing.

Charlie

I just got the call a few minutes ago, same as the rest. I run a computer repair business and was aware of this scam for a long time so when the phone rang I wanted to see how they actually could get someone to allow them access to their computer. After reading me the CLSID number at the bottom of the ASSOC I told her that the number she read was not the same as the one I had on my computer. She started to argue saying that she knew this was the number and I had serious infections on my computer. I told her that all computers have that same number and she didn’t know anything, at that point she hung up on me. I hope she puts me on a no call list…..lol

Jennifer

We just got the call. the guys were very evasive but threw around a bunch of terminology. We ALMOST fell for this. We fell for the CLSID, the excuse about how McAfee doesnt include these types of viruses, etc. We got as far as http://www.ammyy.com but didn’t give them access to our computer or credit cards. When we really started pushing for more clarification, he got rude and was practically insisting that we do what he said! we hung up. VERY scary.

The14th

I just got one of these, I could smell scam the second he said he was “Windows Support”. But I could work and talk so I decided to waste his time weaving me through the sales pitch. Then I told him to @$&# off and hung up.

Susan

Just got the call. Said they were calling from Brampton (area near Toronto), said they were calling from ‘DNS’, that my computer was being used by Russians to work with other servers to undertake criminal activity, that if I didn’t clear it up within 24 hours I would be held liable, that it was very serious, that they didn’t want anything from me, just doing their job of helping people being targetted by the Russians. All else the same – call centre sounds in the background, Indian accents, CLSID, hung up when I asked for a number to call them back after checking with ‘my computer people’. Thought I’d add the ‘Russian/crime being committed using my computer/my personal liability’ twist to this discussion. Also want to thank David Harley and everyone who took the time to post their reassuring experiences.

Dave

Just come off the phone with a ‘Computer expect’ who told me my machine would crash within 24 hrs if I didn’t do as he said. He explained that he was from Telstra and my machine was causing the network problems. First the event viewer, with lots of ‘errors’ and ‘warnings’, nothing that I was concerned about, and when asked to allow remote access, I refused. He then asked why?. My reply was that I did not know him, and that I will not allow any one remote access to my machine. He then got me to run the ‘CMD’ and then type ‘ASSOC” and then quoted me the ‘CLSID’. Seemed clever, and when he asked for access again as ‘in his words’ he could be trusted, I still refused. I then again said that he could be anyone, I do not know him from Adam, so why should I give him access, and if my internet fails, then I will get on to my provider and get them to sort it out. Just checked GOOGLE and CLSID and I’m pleased that I stuck to my guns and said no. A different approach to trying to get remote access. Shame I couldn’t trace his number. The police might be interested.

Boyd Morrison

same thing today 19/02/2004

Lisa

Got the call this morning, an Indian woman too. I was googling it as she talked, having been the target of several scams before and skeptical of everyone. I was more interested to here what she had to say. She eventually told me she was from the Federal Government and they would have to have my internet disconnected because I was sending out viruses which they had been notifying me about for months?! Wanted me to verify the CLSI number with hers by basically giving her access to my system and eventually I just said good scam but I’m not falling for it and gave her the dial tone.

Bob the Lunatic

just got a call exactly like this from michigan number, even an Indian accent! (most windows tech support is in India now I think.(278) 852-4514

http://dharley.wordpress.com/ David Harley

Actually, there’s been a drift of call centre traffic to the Philippines. I don’t know about (real) Windows tech support, though. However, AFAIK scam calls are almost invariably (still) from India.

http://infiniumit.com Maverick

Thanks for this article. I got this call from a sketchy sounding guy claiming to be from the a third party that Microsoft had contracted to help me with my computer.I knew it was a scam, but I played along with it for a while and actually learned a few new things about my computer!

byjer24

I just got this call today and luckily did a quick search online and found this article. Even after telling him loudly that the CLSID number he just gave me is the exact one i’m looking at in the article for all the world to see he kept on insisting. Luckily he only got as far as giving me the CLSID number He wanted me to do but I didn’t. He said his name was Sampaul, indian accent, calling from Lubbock, TX and gave me this number…855-539-4928. Unfortunately, when he called it said ‘No Caller ID’.

Gazza

Well just had a call from our “Asian Windows Help Desk”. The one that we dont have and starts with the is this you machine do you kow its been badly infected.
ACTIONS TAKEN:
Sat at PC followed all the instructions did the eventviewer bit (so pleased he did because I would have missed doing that bit so much). Carried on drinking my tee and eating my toast (most important when having scammer on the telephone). His a INF UNWANTED FILES seach through the CMB prompt, gave the mandatory gasp of shock to keep them happey and interested, they take me through the ASSOC commant – biggher gasp for theatricla effect, read ovr on his prompt wha is at the bottom of the scolled screen, making up the normal files that arnt there just to keep him interested, then can the TEAMVIEWER down load so he could help me sort out all my terrible issues. Tells me to connect to the internet. This is where I get to have some fun and reply with “connect to what?” – HIM: Inter net, the internet. After 20 minutes of my pretenting I didnt knwo about this Internet thing he wanted, he askes me to hang on – comes bak 3 minutes later and trie with a different voice and name (Yep he didnt do that bit well at all – but still reeling him in ) another 10 minutes untill he asked If I had even been on the internet, I point out that I dont have internet n my tent…… silence and the the penny lands in Asia and I get the “Im going to do this that and the other to your wife”, I know where you live and Im going to do her” I thank him for his kind thoughts and his considerable efforts in marridge councilling. He slams the phone down – Another scammer help up for over an hours when Im watching tv and eating breakfast… isnt life fun?

Annie

Just got this call and they directed me to showmypc.com. At that point I told them I wasn’t comfortable allowing them access without first checking their credentials. He gave me the phone number 866-848-7572 and asked me to call back and ask for Mark. Now I’m thinking I should share this info with the world…so everyone can call him.

Simon

I received this call today and when the guy asked about windows I said “yes I have windows, they are all nice and clean”. He was a bit confused and said again that my computer is full of viruses and errors, I then repeated that I have lots of windows and they don’t have any viruses or errors, they are made of glass and are very CLEAN. he still didn’t get it and again said that my computer is sending viruses out! After about 10 mins of this I asked him what the weather was like from where he was calling from, and did he enjoy his job!!! He said I was wasting his time, so I said I’d rather waste his time with me than with somebody who would fall for this scam…..he then hung up!

smile_its_free

I’m in Australia. Got a call today. I have a mac. I was curious to see how he could explain linking my phone number and ISP address when he shouldn’t have access to that information. He wanted me to press the Windows and “R” key at the same time, I told him “I don’t see the windows key”, he started to get annoyed. He told me he had my clsid number. I asked him to give it to me, so I could verify it. He said “oh its a very long number” I assured him I was a big girl and could handle it. He gave me the number, then kept going on and on and on. I stopped him and just said I think you left a few letters off the end of my clsid number. He said “No, no, I gave you the number” I said “no, you left off ROFPMSL, and you also left off F U” he said “no, there’s no more at the end” I said “oh yes, there’s actually a really big F U in capital letters at the end” Then he hung up.

Tracy

I got this scam call today. When he told me to turn on my computer, I asked “My Linux box or my Mac?” He asked “You don’t use Windows?” I said “No, there are too many viruses and scams with Windows.”

vetolongwene

i got one today. He identified himself as a member of the Microsoft technical team “Jack Williamson” at 9524676389. “Go ahead and call me back, although Microsoft doesnt know anything about us…”. I didnt just yet. He too “transferred me” to his supervisor as i was suspicious to confirm they were jiggy. I did the ASSOC thing knowing the CLSID trick. When he had me read off my event log, i told them there were no errors in it. I downloaded their AMMYY software so i could read him the virus signature in it. When i asked them what virus was attacking my system and what process it was using he seemed confused and defiant and threatened to cut off my internet access. So i hung up and i called the microsoft support line. As they are now a 3rd party payed service run by a company in India, seems like they were in on it too – more than happy to help – but charged by the minute – and didn’t bother to mention that til i asked.

frank

Yep. Just got rid of him. Actually I strung him along for 20 minutes with out following his instructions, just saying yes or no. Do you see a green page? No. you did not enter correctly, enter **************** what ever and press return. Done that (had not). Do you see a green page? No. Ok, lets start again. hold the key with the four squares and press R again. I still wont see a green page. Why not? I’m colour blind, (I’m not). After 20 minutes I got sick of it, started abusing him, calling him names and generally insulting his incompetence. Would you believe he went on giving instructions to ammyy.com. I figure the 120 minutes he was talking to me he was not BSing to some unsuspecting person. What I would like to do is send a tone frequency down thw line that would deafen the caller and maybe wreck their phone. Is that a bit futuristic?

ScamTheScammer

I had this call just now. Knew it was a scam as soon as they mentioned windows security, but as I thought the longer I can keep them on the phone, the less time they can spend bothering others, I played along. At which point I was transferred to a ‘specialist’, by the sounds of it this invloved handing the phone to the person in the next seat. I was on my work computer at the time which is so locked down that I can’t even get to the run prompt they want you to open. I pretended my battery had just run out and I was rebooting, and in the meantime fired up my personal computer, and wrote a quick bat file to run the command on my work computer. I even went for a mooch round the kitchen for a few minutes, apologising for how long it took my machine to boot up (‘it’s quite old. Takes a while to boot up. Yes – maybe it is infected, maybe that’s why it takes so long’….mmm-chocoloate digestive!). Sure enough when I eventually ran the assoc command on both computers they both came back with the same ZFSendTargetTo value that were displaying on both my machines. I asked the ‘speciailist’ to repeat the number a couple of times as I ‘thought’ I may have misheard them due to the crackly phone line. Having got the ‘speciailist’ to confirm their earlier statement that this ID number was unique to my machine and was only known to them as they had received notification of our service breach, I asked how come I had two computers with the same number on both? I asked whether it was because the ‘specialist’ was actually trying to con me? I asked if it was in fact an attempt to take advantage of people who do not necessarily understand much about computers by making them look at something apparently technical and presuming they will not understand? I proposed that actually what they were doing was bordering on criminal and their actions were no more convincing than a poor conjurer being able to guess I had picked the Jack of Hearts from a deck of playing card consisiting entirely of 52 Jack of Hearts’. At this point they hung up, but at least I’d stopped them from bothering anyone else for about 10 minutes.

Not quite the dramatics of finfeathered response below, but I must admit to get a certain amont of pleasure of playing dumb with these people and seeing just what kind of trite rubbish they try and frighten you with, though I always make sure I have disabled my Wifi before following any instructions. The longest I have kept them on the line so far is 15 minutes. I did once tell a different scam that, having gone though the instructions, I could not see the items on screen that they suggested. Having repeated the instructions a number of times, I pointed out that maybe I couldn’t see them because I didn’t have a computer. Or a phone. This seemed to really confuse them….

Bug man

lol just had this call, straight away knew it was a scam, just like anyone who calls telling you you have viruses you don’t know about. i played along for a laugh, purposefully pretending to not have any clue and wasting their time, got passed on to a “specialist” to explain it several times. the more of their time i wasted the less gullible people they can scam. got directed to the letmein website, then just laughed at them for wasting their time.

Grace

I’ve just got the call. NO CALLER ID. He insisted I refused to keep talking. Indian accent on the other side of the tube. Keep your antennas ON, do not fall.

Monty Burns

I just got this call a few minutes ago, I love toying with these guys so I did all his steps with the assoc, etc… just when he tried to get me to go to ammyy.com I asked him what my ip address was – for a guy that knew so much about my computer and all the people hacking it and using my internet he couldn’t even come up with that one, his answer was “I cannot see your ip address because these hackers have stolen it.” :) Fuck I wish these guys would get some real jobs and try to earn an honest living.

Paul

Just got this call. Very similar. I broke it off after they asked to gain remote control using Ammyy. I work in IT Support so I knew it was all bogus but could understand how a novice computer user would fall for it.

ryan

i just got a call from these indian fellows- “alex and “adam”. I knew right away they were bullshit.. but kept them on the line pretending to do all that they asked- right up until the point they asked me to allow them remote access. I said, “you must be getting pretty excited about me letting you do this.. but i knew you were trying to scam me the whole time..” They got really upset and called me a “stupid fucking asshole”. Lots of class here. Troll them back as much as you can when they call- kind of made my day lol

Filipe

I received today a call from this guys. I’m in Portugal and a girl told she was calling from a microsoft support center. I knew it was a scam, then I found this site and get certain.

Diane Lyon

I got a call on May 14, 2014 from a Windows Technical Support Team telling me I am running Windows 7 and that he is showing there’s errors showing and my computer was in the process of being invaded by a virus. It sounded as though he was from India and kept asking me to hit the windows + R key on my keyboard, then type in CMD and hit “okay”. I refused and told him that I was going to contact Microsoft about this. He said they were assisting in notifying all Windows 7 users that their computers were at a risk for being infected and that my computer was showing many errors were occurring while running. I told him i have Windows 8 and requested a number to call back. He was extremely persistent until my husband entered the room and started raising his voice and refusing to get on the phone to speak to this person. The caller heard him, then said he made a mistake in calling us, and that there was nothing wrong with our computers. The one thing my husband and I noticed was when the call came in, it registered as “1unavailable”.

mathew hair

isp provider is in breach of the privacy act as they have given our details to scammers probably for a fee, but I got the call and they new my name address and other details which only my internet service provider could have given them, this is in clear violation or the privacy act and law suits should follow, they didn’t get me with the scam as I said the clsid didn’t match because I knew it was a scam when she said it doesn’t matter which pc you turn on its the same, im thinking how can different pc’s have the same machine id? SCAM but a lot of people will fall for it and our isp should not be passing out our private details, someone should record a call with the scammer saying your details first then clean up and sue your isp for everything so the lesson is learnt by all…..

http://dharley.wordpress.com/ David Harley

I can’t comment on your particular circumstances, of course, but in general the scammers who’ve contacted me have known at most my name and address, not that hard to obtain. Part of the scam is usually to attempt to persuade the victims that they know more about them than they actually do, using tricks like the misrepresentation of the CLSID and a fake IP address. It sounds as if in this case the scammer might have missed the point of the CLSID gambit, which is normally to kid you that the CLSID -isn’t- the same on every machine. (It is, of course, because it has nothing to do with uniquely identifying the PC.)

Nes

Thanks for posting this, I just received one of these scam calls. They claimed they were calling from Microsoft and the number they were dialing from looked to me like a VoIP number (4545454545). Same set up. They had an Indian accent and I could hear other folks in the background making the same calls. I knew when they pointed me to the event log and asked what kind of anti virus I was running that this had to be fake, but can definitely see someone that does not know about computers how they can fall victim to this.

Sam

Heh!!! I got that call right now. I just told them that I prefer to re-install Windows, just to have some fun. So funny… They hung up! Good to be a PC Tech! :-)

Sam

By the way… The phone number is 999-910-0238

Sam

Computers may have the same CLSID they ask for. But, when I asked them for my MAC address, or my computer’s IP, they ignored me and kept on using the CLSID line. Hmmm… Funny thing that they got just part of my PC’s info.

mike

i had similar call today from someone at Askpcexpert with address 207 Melton Road Leicester. LE4 6QD (Should have been LE4 6QT, but i might have misheard him.) He also gave me a telephone number of 02032869239. When I queried this as it is not a Leicester number, he said it was a “toll free” number, not a term generally used in the UK. It is not one of those either.

http://dharley.wordpress.com/ David Harley

Thanks. It’s a much misused London number, though the call was probably redirected from an offshore number.

fizzogs

I just had one of these calls and, rather hilariously, when getting me to type into my PC the caller asked me to type “S – for Scam”! True.

Rob

I was called today and this was the second of such calls, but from different “companies”. The first call was all about the Event Viewer and how that shows evidence of the attack attempts. The second call used the CLSID hook – this was new to me. He guided me to the ASSOC and read off the number, and I really was surprised he had it, since it does look like a unique id – that baffled me a bit. I told him I was going to look this up a second so I could understand what this CLSID was all about. I quickly found articles explaining the cold-call scams and read a few lines from it for him and then to my amazement – I read the CLSID from within the text of the article and I asked this kind, knowledgeable gentleman why my unique ID was actually posted within this wiki-pedia type web site article – you know, because this is supposed to be a unique ID to only my computer! He hung up before I could continue the fun.

Ceria

I’ve just had a phone call from Windows support saying that my computer has been hacked and my name is being used to hack into banks and big business computers. He was obviously reading from a script, but VERY pushy indeed. told me that the hackers had got hold of my computer licence number, which he quoted as 00C04FD7D062 (see below) and told me to go to the command prompt and type in ASSOC. Guess what, that number came up at the bottom of the list which he read out to me and I had to verify. Then I had to type in netstat -ano, before I did that, I declined and ended the call, he wasn’t giving up easily and phoned back 4 times by which time I refused to answer.

Clair

this is still going on – got the call for the 4th time today, improved English so got to listen and he quoted CLSID and gave the number {888DCA60-FC0A-11CF-8F0F-00C04FD7D062}. I refused to run any commands and constantly questioned his validity, but he hung on in there and basically stated if I don’t do as he says and the my computer does go off with “the blue screen” my only option will be to take it to Liverpool! At this point I went mental and hung up. Thanks for information as you have confirmed for me it is a scam.

Lisa

Hi. Thanks for your excellent article. I just got a call from the Windows Help Desk telling me my PC had an infection. Given the heavily accented Indian voice, patronising attitude and complete absence of knowledge of my computer, I assumed they must be scammers. They asked for my CLSID but the ‘supervisor’ ended up putting the phone down on me, as I wasn’t doing as they said. Given the publicity surrounding recent security lapses, I had a tiny doubt that they could have been genuine, but I now know my instincts were right having read your fantastic article. Thank you for giving me some peace of mind.

Henry Van Wyk

LOL got this tonight, here in South Africa. I knew it was a scam but let them connect with amy remote software after holding them for 30 min and then disconnected them just as they thought they had me :)

Wayne

I got the call last night. I had my suspicions so I told them I didn’t have a lap top just a Ipad and he goes ohh shit an hung up on me

Kev

I got the call last week from the Windows Support Team. I told them I was actually going to call them as I live in a cave.
A brief discussion ensued, when I pointed out that I didn’t have a computer and that the only Windows I was interested in were the type that would shed some light into the dark recesses of my home, they uttered a few expletives and then hung up.

Nate

Thank you for this post… Today I got a call from some Guy, but luckily i could google fast enough to find out it’s scam :)

Paul

I just got this scam today. Got really close to letting them in. Run assco in a cmd window…. CLISID matched what they asked me to write down… then asked me to connect to Windows Service Centre URL. hxxp://mwgs.webs.com/… At this point it looked dodgy… They asked my to click to connect to the server.. this downloaded an AA file which I refused to run until I had virus checked it.. At this point they said they would disconnect and my Microsoft Licence would be deactivated. (more pressure to continue). I said Ok revoke my licence and I will follow up with Microsoft. and they hung up……. Close call

http://dharley.wordpress.com/ David Harley

Thanks. Looks like that URL is a site that links to remote access tools like Teamviewer, but is meant to look officially Microsoft-ish. Looking into it, but I may well blog on it.

Karen

I got the call today. When I got very suspicious, (after running cmd assoc, and told him I was suspicious and didn’t want to proceed with the call), I hung up on him. He called back, I accused him of being a scammer, and he used extremely heavy profanity on me. At that point I knew for SURE he was a scammer.

Minmouin

I know that this thread is years old but I am embarrassed to admit that my mother-in-law fell victim to this scam 3 days ago. Now her laptop is locked and I cannot access it to unlock it. It locks before it even boots into windows.
She got the call, much like I have been hearing and was told that he was a windows tech and that her pc was sending errors to their servers. He proceeded to show her where these errors were stored using command prompt and minutes later she was granting remote access. He went into her windows license and changed a password and some other configuration that she can remember before she turned her laptop off. He then told her that he could fix her issue for I think $100 or the computer would be useless. Is it too late? Can I try running a Recovery CD? He also siad that her windows software will now be blacklisted.

http://dharley.wordpress.com/ David Harley

I’m not sure exactly what damage has been done here, though it does sound as if it was deliberately damaged. If you can find a reputable local repair facility, that’s probably safer than us trying to diagnose and recommend recovery methods from here. OTOH the blacklisted Windows sounds an attempt to scare with a bluff.

Heffer2

They just called me and that’s why I’m here. They must be on a roll. He even gave me a fake phone number after I told him I needed to call Microsoft to verify his existence.

WKrasl

Okay, so I got the call last night with “Unknown” in caller id. I’ll answer those since they are sometimes legit, but always have my guard up on those. The guy with the thick Indian accent persuaded me to get paper and pencil and write down the long ID, and then “proved” he was legitimate by having me display the same ID with the ASSOC command.

I had enough IT experience to be comfortable I had not been asked to do anything insecure YET. But I also told him I had no way of confirming if that ID was unique to my computer. That’s when I got transferred to his supervisor.

That person then spent quite a while, mostly repeating himself in various ways, trying to convince me he and his company are legitimate and they had been receiving virus-generated error messages back to the Windows servers. I still wasn’t convinced, though not yet sure it was a scam. So we spent more time with me explaining to him, also in various ways, that I would be happy to follow corrective action sent to me in an email IF and ONLY if the email came from a Microsoft.com address. (I also said he would have to look up my email address in the same source where he got my phone number.) So we then argued about that requirement, with him saying he worked for a Windows support company, not Microsoft.

This had been going on, round and round, for about 20 minutes. Finally, in the face of his persistence trying to get me to enter more commands, I carefully and clearly explained that, as a retired IT Security engineer I have to protect myself by requiring proof of his company’s valid relationship with Microsoft, and that “I am going to hang up in just about one minute,” wondering if he would say anything more that might keep me talking to him.

He then tried to persuade me that, being retired, I was not up on the latest security issues and remedies … CLICK (the sound of me hanging up).

I then Googled “Windows CMD ASSOC scam” and found this web site. Very nice. I’ve enjoyed reading the many comments, and am only sorry that I hadn’t kept them on the phone for more than 20 minutes.

In the meantime, I posted a link to here on my Facebook page in hopes I can save at least one (less IT savvy) friend from grief. Thanks for being here for all of us.

amh123

I just had this scam today also .. was a new one to me not the normal I don’t know anything about computers type.. the call went exactly as above but mine had a twist that was very strange. When I advised the person on the phone I had checked the scam sites and this was a scam he then went on the attack that he was a professional hacker and could already hack my machine and was going to clean out my bank (I recorded the entire segment of the call) .. this was a strange response I thought but then as I told him I was notifying the police he said go ahead they cant catch me and then said he would leave me alone though if I just paid him $18 which I refused all the same .. has been an hour and still have all my money .. just don’t give them access to your machines please this is how they get money not from the annoying phone call..

Claudia

Just got a call from “Windows Cyber Support”. Indian/Asian sounding woman urgently and excitedly warning me of “fatal run-dl virus” that she would help me fix in 5 minutes or else my computer would crash!!!!! The call was from New York (347)960-4787. When I asked her why Microsoft didn’t e-mail me, she said “we tried to but the virus blocked us!” Here’s the funny part: when I asked her for a contact number and name where I could call back – she yelled “idiot” in the phone and hung up on me. There’s some humorous irony in this – maybe someone can explain this.

James McLean

Still being called in July, 2014.

Steven Rush

I got the same call several times. I enjoy taking as much time from them as possible. I play dumb, give them false information. Tell them whatever I can to keep them talking. Last call lasted 45 minutes, I figure that the more time I take, the less time they have to talk to people that will fall for it. I have set up an old computer with false quick books records and load of other false documents and false information. My next bit of fun will be to see how far they go with this scam.

http://dharley.wordpress.com/ David Harley

Thanks for your suggestion, but there are a few issues here. First, we don’t attempt to give – or approve – advice on specific fixes here unless we’re sure that there are no hidden snags that might cause unintended harm to a less knowledgeable computer user (and those who are technically knowledgeable probably won’t ask for help here). Secondly, we don’t approve links in comments unless we’re pretty sure that they’re safe and authentic. In fact, for a while links were automatically stripped in the old ESET Threatblog, which I thought was slightly over the top but did make life a little easier in that comment management can be very time-consuming, and validating links you don’t know is sometimes decidedly non-trivial. Another is that I’m not going to recommend a product I haven’t tested myself, which is the case with the boot CD you recommend. If I approved a comment that included the link, that could be seen as some sort of endorsement, and that’s not going to happen. The other point is that while it looks as though the tool is quite legitimate and certainly has its uses for someone like yourself who’s technically knowledgeable, it includes functionality that could be dangerous in the hands of someone less knowledgeable. So my advice is still to consult a knowledgeable third party.

http://dharley.wordpress.com/ David Harley

Thanks for your suggestion, but there are a few issues here. First, we don’t attempt to give – or approve – advice on specific fixes here unless we’re sure that there are no hidden snags that might cause unintended harm to a less knowledgeable computer user (and those who are technically knowledgeable probably won’t ask for help here). Secondly, we don’t approve links in comments unless we’re pretty sure that they’re safe and authentic. In fact, for a while links were automatically stripped in the old ESET Threatblog, which I thought was slightly over the top but did make life a little easier in that comment management can be very time-consuming, and validating links you don’t know is sometimes decidedly non-trivial. Another is that I’m not going to recommend a product I haven’t tested myself, which is the case with the boot CD you recommend. If I approved a comment that included the link, that could be seen as some sort of endorsement, and that’s not going to happen. The other point is that while it looks as though the tool certainly has its uses for someone like yourself who’s technically knowledgeable, it includes functionality that could be dangerous in the hands of someone less knowledgeable. So my advice is still to consult a knowledgeable third party.

BJ

They just called me from “Out of Area” on my caller ID. They wanted me to give them control of the computer, since they were calling me from “Microsoft Windows” and my computer has been sending them information that I have Malware issues (yeah, right). I asked them for the IP Address of the computer sending the info, as I have more than one computer operated by more than one person. They said it was my “oldest” computer. I again asked for the IP address, but they said they’d give my the CLS ID instead. While they were asking me, I went to Bing and asked for my CLS ID, got this article, and knew for certain (even through I was already pretty sure) that it was a scam. Thanks for the help in making up my mind to tell them not to call again and hang up.

Buck

Just got done saying goodbye to one of these callers. Initial call was a heavy Indian accented male. Directed me to run eventvwr. I remained skeptical, and was passed to a supervisor.He had me run the assoc command, and surprise! surprise! the CLSID was identical to the one listed above. So I went to another computer, and ran assoc – same CLSID, which the supervisor stated was due to being on the same network. I asked if I were to reboot my router and cable modem, to force the internet provider to assign a new IP address, if the CLSID would change, and he assured me it would. Right about then I googled CLSID, and found this article, confirming my suspicion that this was a scam.

GM

Just a got same call today in England from woman with Indian accent, saying my computer was infected and that I should look at my CLSID number which only 2 people know, in order to verify she was genuine. She had guessed my Windows version but it all sounded suspicious. Then her colleague got on the phone and wanted me to look at my CLSID but I said I only had 3 minutes after which I was going out. He said he needed 20 minutes and asked when he could call back, told him not sure and put the phone down. Good to have confirmation that it was indeed a scam and I made the right decision.

GM

By the way, the phone call came from what looks like an international number:
16313 639897

Schweick

Perfect! This is exactly what happened to me, Indian accent and all! But frankly he had me, until I (luckily), after hitting the ASSOC command, happened to read a different CLSID in the resulting text readout from the “888…” that appears at the bottom. I just happened to miss that one at the bottom, and after reading him the one at the top “.mapimail=CLSID…” which was different, he told me that I was lying!! At this point it became obvious to me that it was a scam. I had fun shoving logic at him them… “tell me, why in the world I would lie to you if you are here to help me?! You, on the other hand have, if you are NOT who you say you are, every incentive to lie to me!” He totally flustered… couldn’t handle that logic.

What bothered me was that I still did not know what a CLSID was and, after hanging up on him, I found the version at the bottom of the text which did match his “888…” I began to worry a bit more.
Unfortunately I then made the mistake of trying to get hold of a real person at Microsoft instead of simply checking online by Googling “CLSID”. It took me the better part of 2 hours to finally find a way to actually talk to a Microsoft person… who then rather unsympathetically told me that Microsoft does not call people unsolicited. He was not terribly helpful until I insisted on him telling me what a CLSID actually was… and then finally that essentially all Windows 7 (& subs?) had the same “888…” # that the guy had read me.
Finally… I googled CLSID, and I got here. Where I found total confirmation of this scam. Why didn’t I do this while I had the guy online??!!

Jaxxx

Received a call from this scam crew this morning (01 Aug ’14); third call in the last six weeks. This guy with a heavy East Indian accent kept asking, “are you <> hello, hello”. I responded, “you called me, I’d expect you to know who you’re calling…” Said he was from the ‘Government’ Cyber Security Department. “Which government?” (I am in Ottawa, Canada…) “Ottawa Government” he said. Indeed! I asked “So you are associated with a Federal Government of Canada department?” “No. We are http://www.whatsmynetid look it up”. I asked where he was located. “In Ottawa”. I told him that I live in Ottawa, and can’t understand why if he’s in Ottawa why is the line so bad and everyone is in the background speaking in East Indian accents. “That’s your perception” was his line! Wanted me to press ‘the key at the left bottom of your keyboard with the window on it. And press R at the same time” like I am some halfwit. Basically, he wanted me to enter a script and read out some information to him. Last time this crew identified themselves as the Windows Security team and my error messages were crashing their firewall. “Not my problem”. My PC is fine. ha-ha-ha.

Dale Gombert

Thanks for the great write-up. Got the call today (Aug 1, 2014), and he started with the assoc command. Turns out I misunderstood the thick accent, so I was typing accoc, and got essentially “bad command or filename”. So he went the EventViewer route, thought he had me with all those terrible log entries, and said he’d transfer me to expert help. I told him we’d been on the phone long enough, and i wasn’t about to run any commands that would allow them to load their own Trojans, and hung up on him. I read this after-the-fact, and feel better that this was such a good match.

Paul de Krom

They wanted me to connect on http://mscorp.yolasite.com/ could give me the id, but not the ip address harassing them. Good to read here the id is not unique and a lot of people get called from indua.

mike

Just got off the phone with the scammed myself. My mother in law got suckered in a few years back. I told the Indian sounding fellow that we must have a bad connection got transferred 4 steps up the chain of command played along until I got through the c: prompt and the CLISD game and he wanted me to type something else at the c: prompt and I said I didn’t want to play any more. I rather enjoyed myself.

rick

same scam today, August 19, 2014

rick

when i asked what city she was calling from, she said California. She couldn’t prounounce a city name and started to spell it. Later, when I asked for a number to call back later, she gave me a 631 area code, which turned out to be someone’s personal cell phone in New Jersey. She also said her name was Nancy George. Lots of fun trying to trip herup, but she was very persistant to the point of asking when would be a good time to call again. This is the second call in about two weeks.

Rob

Yeah me too – claiming to be from my internet provider
they claimed they where shutting my net access down for 2 months due to “malicious activity”
the script was basically identical to poster finefeathered
they claimed it was infected etc
both Indian accents
however I did get a Name (Probably Fake)
and the inbound number as well as a number they gave me (to “Authenticate” they are my service provider) and a “Company ID”

very convincing to an untrained person

AcuraRDX

I just received a call like that. Hindu accent, saying “your computer is sending out error codes, and it needs to be stopped. Please tell me your CLSID, I can tell you how to obtain this number and then I can stop this problem.” I told him I don’t trust you at all, he replied, “oh sir you can trust me, I am authorized by Microsoft, we are a support desk that deals with these issues, please go to your computer, I will tell you how to get your unique CLSID” I had enough and hung up.

Andrew

Very noticeable Indian accent. Followed the CLSID script reported above.
He eventually called me an idiot and I told him he was the one staying on the line for 20 minutes while I trolled him, because I don’t own any Windows PCs!

TDcincy

I received this call today….I knew immediately that this was some sort phishing sceam as soon as they start quoting that they were MCSEs working with Microsoft and that I had some sort of malware downloading on my pc. I kept them on the phone for about 20 minutes until they wanted me to go to the ammyy.com site. At that point, I made it clear that I was on to their scam. It pissed them off to the point that they dropped the F bomb on me before hanging up.

Steff

I got a call today from the Out of Area gang who said they were from Microsoft Support, with a new twist, the URL they gave me to their Get Support link: http://www.windowscare.us/microsoft.com/ – so I sent a complaint to the real Microsoft Support and asked them to stop the fraud. I went to WHOIS and found the domain is registered to a Windows Tech Support group in New York whose contact is Ali. I hope MS can get these guys to stop. No telling how lucrative their scam is, and how many innocent people have been duped! Thanks all for sharing – the best laugh I’ve had in a long time!